On May 3, 2008, at 8:22 PM, Tim Peiffer wrote:

> Read John Rouillard's paper to the LISA2004 conference. Look for
> 'missing events'. John's example is with Sendmail, but it can be
> done with most any log. I implemented against DNS query transaction
> logs.
>
> Ref: "Real-time log file analysis using the Simple Event
> Correlator (SEC)" (http://www.cs.umb.edu/~rouilj/sec/)
> by John P. Rouillard - a paper with SEC ruleset examples that was
> presented at USENIX LISA'2004.
>
> My example below.

Thanks, Tim. That seems to be what I'm looking for. And thanks for pointing out that paper, I'm definitely going to have to read the whole thing.

-Jeremiah

_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
