Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Generation of regular expressions from logged events
Access to the content
Beginning of the presentation
PDF version [176 KB]
Description
A method to generate regular expressions from logged events
Context & Dates
Talk presented during Solutions Linux 2005, on 2 February 2005.
Author
Denis Ducamp
Abstract & Table of contents
Flyleaf
Outline
Outline (1/6): logging
Logging
Logging: log analysis
Outline (2/6): intrusion detection
Intrusion detection
Intrusion detection
Outline (3/6): regular expressions
Regular expressions
Outline (4/6): slct
slct: how it works
slct: examples (1/3)
slct: examples (2/3)
slct: examples (3/3)
Outline (5/6): uses of these expressions
Uses of these expressions: home-made scripts
Uses... for real-time display
Uses... in static mode: swatch
Uses... in static mode: logcheck
Uses... in dynamic mode: logsurfer
Uses... in dynamic mode: sec
Outline (6/6): other possibilities
Other possibilities
Conclusion
Questions...
Related documents
Logging
Logging and incident processing [15 May 2008]
Workstation Security [29 March 2007]
Logs and incident processing [29 March 2007]
Generation of rational expressions starting from journalized events [30 August 2004]
Useful standards for network security [20 October 2003]
Logging (how to be ready to incidents) [6 February 2003]
Internet Firewall Management [23 June 2002]
Installing Syslog-NG [29 October 2001]
XML-Logs: Analyse your logs using XML encoding [10 October 2000]
xml-logs tool [Log management using XML]
Universal Format for Logger Messages [May 1999]
Intrusion Detection
Argus [19 February 2002]
Advanced Intrusion Detection
Encrypting hostile Web content over HTTP [31 May 2007]
Intrusion Prevention : New reinforcement tools for perimetric defense [16 June 2005]
Intrusion detection and network forensic [6 May 2004]
Intrusion Detection [25 September 2002]
Advanced Intrusion Detection Environment (AIDE) [9 January 2002]
Follow-up on discovering the libnids [6 September 2001]
Introduction to the libnids [13 April 2001]
rkscan tool [Rootkit scanner for loadable kernel-module rootkits]
RKSCAN: Scanner for loadable kernel-module rootkits [25 October 2000]
Presentation and detection of the ADORE rootkit [16 October 2000]
IDSwakeup tool [Test of intrusion detection systems]
Round table on intrusion detection [8 June 2000]
Technical method to evade intrusion detection system. [27 March 2000]
Help to detect attack, intrusion and anomaly. [27 March 2000]
Introduction to intrusion detection [26 January 2000]
Presentation of some free software for intrusion detection [26 January 2000]
Intrusion detection with Shadow [6 July 1999]
Copyright
© 2005, Hervé Schauer Consultants, all rights reserved.
Last modified on 9 February 2005 at 09:58:19 CET - webmaster@hsc.fr