Real-time log file analysis using the simple event correlator (SEC)

LISA 2004 - 18th Large Installation System Administration Conference

Volumn , Issue , 2004, Pages 133-149

  Rouillard, John P ^a  

^a UNIVERSITY OF MASSACHUSETTS BOSTON   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATED ANALYSIS; CURRENT ANALYSIS; EVENT CORRELATION; EVENT SEQUENCE; KEEP TRACK OF; LOG ANALYSIS; REAL TIME; UNIVERSITY OF MASSACHUSETTS;

WELL LOGGING;

EID: 51849126454     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (22)

1. [2swatch] ftp://ftp.sdsc.edu/pub/security/PICS/2swatch/ README.
2. Brown, Jim, "Working with SEC - the Simple Event Correlator, " http://sixshooter.v6. thrupoint.net/SEC-examples/article.html, November 23, 2003.
3. Brown, Jim, "SEC Logfuscator Project Announcement, " simple-evcorr-users mailing list, http://sourceforge.net/mailarchive/forum.php? thread_id=2712448&forum_id=2877, May 3, 2004.
4. Clark, Veronica, "To Maintain an Alarm Correlator, " Bachelor 's thesis, The University of New South Wales, http://www.hermes.net.au/pvb/ thesis/, 2000.
5. Finke, John, "Process Monitor: Detecting Events That Didn't Happen, " USENIX Systems Administration (LISA 16) Conference Proceedings, pp. 145-154, USENIX Association, 2002.
6. Hansen, Stephen E. and E. Todd Atkins, " A u t o m a t e d System Monitoring and Notification with Swatch, " USENIX Systems Administration (LISA VII) Conference Proceedings, pp. 145-156, USENIX Association, http://www.usenix.org/ publications/library/proceedings/lisa93/hansen. html, November 1993.
7. [logsurfer] http://www.cert.dfn.de/eng/logsurf/.
8. Prewett, James E., "Listening to Your Cluster with LoGS, " The Fifth LCI International Conference on Linux Clusters: TheHPC Revolution 2004, Linux Cluster Institute, http://www.linux clustersinstitute.org/Linux-HPC-Revolution/ Archive/PDF04/05-Prewett_J.pdf, May 2004.
9. [logwatch] Bauer, Kirk, http://www.logwatch.org/.
10. [logsurfer+] http://www.crypt.gen.nz/logsurfer/.
11. "ManagingYour Network with HP OpenView Network Node Manager, " Hewlett-Packard Company, Part number J5323-90000, January 2003.
12. Prewett, James E., private correspondence, March 2004.
13. [ruleCore] http://www.rulecore.com.
14. Sah, Adam, "A New Architecture for Managing Enterprise Log Data, " USENIX Systems Administration (LISA XVI) Conference Proceedings, pp. 121-132, USENIX Association, November 2002.
15. Vaarandi, Risto, http://kodu.neti.ee/~risto/sec/.
16. SimpleEvent Correlator (SEC) manpage, http://kodu.neti.ee/~risto/sec/sec.pl.htm.
17. SLAPS-2, http://www.openchannelfoundation. org/projects/SLAPS-2.
18. Bing, Matt and Carl Erickson, "Extending UNIX System Logging with SHARP, " USENIX Systems Administration (LISA XIV) Conference Proceedings, pp. 101-108, USENIX Association, http://www.usenix.org/publications/library/ proceedings/lisa2000/full_papers/bing/bing_html/ index.html, December 2000.
19. InterSectAlliance, http://www.intersectalliance. com/projects/SnareWindows/index.html.
20. [swatch] Atkins, Todd, http://swatch.sourceforge.net/.
21. Takada, Tetsuji and Hideki Koike, "MieLog A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis, " USENIX Systems Administration (LISA XVI) Conference Proceedings, pp. 133-144, USENIX Association, http://www.usenix.org/events/lisa02/ tech/takada.html, November 2002.
22. Vaarandi, Risto, "Re: Is this possible with SEC, " simple-evcorr-users mailing list, http://sourceforge.net/mailarchive/forum.php? thread_id=2712448&forum_id=2877, Jul 4, 2003.