tech-userlevel archive


Re: A log monitoring tool



Hi,

> I came across this project on the wiki:
> http://wiki.netbsd.org/projects/project/logwatch/ and it seemed
> interesting to me. I recently took a course on machine learning so I
> am thinking to look into this project in the coming days.
I cannot really imagine how such a tool should work, but I'm absolutely
clueless about AI. ;-)
I simply cannot think of any possibility of summarizing logs except for e.g.
searching for terms like 'error', 'fail' or 'warning', in many cases they are
just too different and unorganized.

> Now, I am not a sys admin, nor do I have any experience of doing any
> significant sys admin related work. So in other words I don't have any
> idea what logs are important from a sys admin's point of view, what
> does a sys admin consider important in a log and what is really not
> important. How do they distinguish between important and non-important
> stuff in the logs.
The problematic events I can think of immediately are:
 * recurring events (often with varying parameters)
 * mass events
 * logins or login attempts, especially the usual scanning ones if they recur
 * events with high log levels

> And also, are there existing tools like this which help in monitoring
> and classifying logs?
> 
> Any details about these topics or pointers to the literature which
> tells about these kind of things will be highly appreciated, as I
> think if I want to play with this idea then I need to setup such an
> environment on my system as well.
I don't know of any, but simply having a look at the great services (Apache,
openldap, postfix, pam, raidframe) might give you an insight what you have to
expect.

Anyway, the project seems interesting, if you need insight from the
administrator's perspective, just contact me.

Regards, Julian

Attachment: signature.asc
Description: PGP signature
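The four event classes Julian lists above (recurring events with varying parameters, mass events, repeated login attempts, and the 'error'/'fail'/'warning' keyword baseline), as an added worked example in Python. This is not code from the logwatch project or from either poster; the sample log lines are constructed, the parser assumes the plain BSD syslog text format "Mon DD HH:MM:SS host prog[pid]: message" (which carries no priority field, so "high log level" is approximated by keyword search), and the thresholds and window size are arbitrary choices for the demo.

```python
"""Added example: simple heuristics for the 'problematic' event classes in
the mail above. Not NetBSD logwatch code; sample lines are constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed BSD-syslog-style sample (not real NetBSD output).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 4022 ssh2
Mar  3 10:00:02 host sshd[1235]: Failed password for root from 203.0.113.5 port 4023 ssh2
Mar  3 10:00:03 host sshd[1236]: Failed password for admin from 203.0.113.5 port 4024 ssh2
Mar  3 10:00:04 host sshd[1237]: Failed password for root from 203.0.113.5 port 4025 ssh2
Mar  3 10:00:05 host sshd[1238]: Failed password for root from 203.0.113.5 port 4026 ssh2
Mar  3 10:00:06 host sshd[1239]: Invalid user guest from 203.0.113.5
Mar  3 10:05:00 host sshd[1300]: Accepted publickey for julian from 192.0.2.10 port 50000 ssh2
Mar  3 10:10:00 host raidframe: raid0: component /dev/wd1a failed
Mar  3 10:10:01 host /netbsd: wd1: error reading fsbn 1234 (wd1 bn 1234; cn 1 tn 2 sn 3), retrying
Mar  3 10:10:02 host /netbsd: wd1: error reading fsbn 5678 (wd1 bn 5678; cn 5 tn 6 sn 7), retrying
Mar  3 10:10:03 host /netbsd: wd1: error reading fsbn 9012 (wd1 bn 9012; cn 8 tn 9 sn 1), retrying
Mar  3 10:20:00 host postfix/smtpd[2000]: connect from mail.example.net[198.51.100.7]
Mar  3 10:20:01 host postfix/smtpd[2000]: disconnect from mail.example.net[198.51.100.7]
Mar  3 11:00:00 host cron[3000]: (root) CMD (/usr/libexec/atrun)
"""

# Assumed line layout: "Mon DD HH:MM:SS host prog[pid]: message" (no priority).
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUM_RE = re.compile(r"\b\d+\b")
LOGIN_RE = re.compile(
    r"^(?:Failed password for (?:invalid user )?|Invalid user )(?P<user>\S+) from (?P<ip>\S+)"
)
SEVERE_WORDS = ("error", "fail", "warning")  # the keyword baseline from the mail


def parse(line, year=2024):
    """Split one syslog line into fields; BSD syslog has no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def normalize(msg):
    """Replace IPs and standalone numbers so repeats of one event share a template."""
    return NUM_RE.sub("<n>", IP_RE.sub("<ip>", msg))


def recurring(entries, min_count=3):
    """Recurring events: (count, prog, template) seen at least min_count times."""
    counts = Counter((e["prog"], normalize(e["msg"])) for e in entries)
    hits = [(n, prog, tmpl) for (prog, tmpl), n in counts.items() if n >= min_count]
    return sorted(hits, reverse=True)


def bursts(entries, window=60, threshold=5):
    """Mass events: programs that emit >= threshold lines inside any `window` seconds."""
    by_prog = defaultdict(list)
    for e in entries:
        by_prog[e["prog"]].append(e["ts"])
    result = {}
    for prog, stamps in by_prog.items():
        stamps.sort()
        best = left = 0
        for right, t in enumerate(stamps):          # sliding window over sorted stamps
            while (t - stamps[left]).total_seconds() > window:
                left += 1
            best = max(best, right - left + 1)
        if best >= threshold:
            result[prog] = best
    return result


def login_scans(entries, threshold=3):
    """Login scanning: source IPs with >= threshold sshd failures and the names tried."""
    per_ip = defaultdict(list)
    for e in entries:
        m = LOGIN_RE.match(e["msg"]) if e["prog"] == "sshd" else None
        if m:
            per_ip[m["ip"]].append(m["user"])
    return {ip: (len(u), sorted(set(u))) for ip, u in per_ip.items() if len(u) >= threshold}


def severe(entries, words=SEVERE_WORDS):
    """Keyword baseline: entries whose message mentions error/fail/warning."""
    return [e for e in entries if any(w in e["msg"].lower() for w in words)]


def summarize(text):
    """Run all four heuristics over raw log text and return a report dict."""
    entries = [e for e in (parse(l) for l in text.splitlines()) if e]
    return {
        "recurring": recurring(entries),
        "bursts": bursts(entries),
        "login_scans": login_scans(entries),
        "severe": len(severe(entries)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Note that the template step is what makes the "varying parameters" case work: the three wd1 read errors differ in every block number but collapse to a single recurring template, while the keyword baseline alone would report nine unrelated "severe" lines without saying which of them belong together.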


