A few preliminary log analysis thoughts (SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System)
From SANS's point of view, the following are apparently the things to read and look at, so I'll add them to my watch list.
The log analysis mailing list
The log analysis web site created by Marcus Ranum and Tina Bird
SEC (Simple Event Correlator), which I once described to SANS instructor David Hoelzer as "swatch on steroids"
the SEC rules being collected by the Bleeding Snort project
Marcus Ranum's nbs tool
Logwatch