LogAnalysis
(Page 8 of 91)
[logs] too many false alarms 2008-01-24
Jon Stearley (jrstear sandia gov) (3 replies)
what false alarm rate do you tolerate for your current monitoring
system? is 1 false alarm in 4 ok? 1 in 10? 1 in 100?

a related question is: what false alarm rate must anomaly detection
systems achieve to be useful?

i know this is person/site/situation/etc specific, and welcome any
ballp

Re: [logs] too many false alarms 2008-01-25
Ron Gula (rgula tenablesecurity com)
Re: [logs] too many false alarms 2008-01-25
Marcus J. Ranum (mjr ranum com)
Re: [logs] too many false alarms 2008-01-25
Bennett Todd (bet rahul net)
Re: [logs] ugliest application logs ever? 2008-01-24
Jason Lewis (jlewis packetnexus com) (1 replies)
Except they didn't standardize the keys....

proto=6 src zone=Trust dst zone=Untrust action=Permit

There is a space before zone that hoses things up.

Dilley, Ron wrote:
> Jas,
>
> This does not look too bad as long as you don't use regex to parse it.
>
> Key=value all the way . . .
>
> Ron
Re: [logs] ugliest application logs ever? 2008-01-25
David Corlette (DCorlette novell com)
[logs] ugliest application logs ever? 2008-01-24
Anton Chuvakin (anton chuvakin org) (5 replies)
All,

Ah, long time - no post! :-)

I wanted to turn this into a formal contest but figured I'd poll the
list first: what are the ugliest, most useless application logs that
you've seen? Logs that defy log analysis, that are full of numeric
codes not explained anywhere? Logs that don't say what they

Re: [logs] ugliest application logs ever? 2008-01-24
Leo D. Geoffrion (ldg skidmore edu) (1 replies)
RE: [logs] ugliest application logs ever? 2008-01-24
Tina Bird (tbird precision-guesswork com)
Re: [logs] ugliest application logs ever? 2008-01-24
Jason Lewis (jlewis packetnexus com) (1 replies)
Re: [logs] ugliest application logs ever? 2008-01-24
Andrew Hay (andrewsmhay gmail com)
Re: [logs] ugliest application logs ever? 2008-01-24
David Corlette (DCorlette novell com) (3 replies)
RE: [logs] ugliest application logs ever? 2008-01-25
Mark Poepping (poepping cmu edu)
Re: [logs] ugliest application logs ever? 2008-01-24
Marcus J. Ranum (mjr ranum com)
Re: [logs] ugliest application logs ever? 2008-01-24
Anton Chuvakin (anton chuvakin org)
Re: [logs] ugliest application logs ever? 2008-01-24
John Kinsella (jlk thrashyour com) (3 replies)
RE: [logs] ugliest application logs ever? 2008-01-24
Fenwick, Wynn (wynn fenwick cgi com) (1 replies)
Re: [logs] ugliest application logs ever? 2008-01-24
Patrick Whalen (pwhalen rescomp com)
RE: [logs] ugliest application logs ever? 2008-01-24
Paul Melson (pmelson gmail com)
Re: [logs] ugliest application logs ever? 2008-01-24
Matt Cuttler (mcuttler bnl gov) (2 replies)
RE: [logs] ugliest application logs ever? 2008-01-24
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
Re: [logs] ugliest application logs ever? 2008-01-24
Daniel Cid (dcid ossec net)
Re: [logs] ugliest application logs ever? 2008-01-24
Andrew Hay (andrewsmhay gmail com)
RE: [logs] ugliest application logs ever? 2008-01-24
Tina Bird (tbird precision-guesswork com) (2 replies)
Re: [logs] ugliest application logs ever? 2008-01-24
Jason Haar (Jason Haar trimble co nz)
RE: [logs] ugliest application logs ever? 2008-01-24
Marcus J. Ranum (mjr ranum com) (1 replies)
Re: [logs] ugliest application logs ever? 2008-01-24
Tim Sailer (sailer bnl gov)
Re: RE [logs] Getting Windows logs through WMI 2008-01-17
Vincent Bernat (bernat luffy cx)

On Wed, 16 Jan 2008 14:49:30 -0800 (PST), E G <bronc94583 (at) yahoo (dot) com> wrote:
> I've done extensive testing with the Samba and
> Samba-ng versions of implementing WMI, and neither of
> them are correct in their implementation (unless a
> newer version has come out in 07 that I haven't seen).

You can

Re: RE [logs] Getting Windows logs through WMI 2008-01-16
Harlan Carvey (keydet89 yahoo com)
I have code that implements WMI in Perl for a variety of functions, but
using WMI to grab Event Logs is ssssslllllloooooowwwww.....

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Response"
"Windows Forensic Analysis"
"Perl Scripting for Windows Se

Copyright 2010, SecurityFocus