Mailing List Archive

Syslog Traffic Data & Alerting
Hi all,

I am currently thinking about a traffic-volume based approach to detect
unusual situations and issue alerts. This is in the context of advanced
analysis output plugins (which will later also be able to run
standalone).

I have some ideas, but in order to refine them, I need some real-world
syslog traffic data. I am in need of the volume of syslog messages per
second, as it evolves over multiple days (preferably over a period of
one or two months, and to get started a week's worth of this data).

I wonder if any of you would be interested in providing me with such a
traffic sample. The data I need would be totally anonymous. All I need
is a file with one line per second: timestamp and number of messages per
second (no information about message content or any other message
property). However, these two fields must be correct and not be any
further processed. After all, the root idea is to detect something from
the patterns and mangled ones would be very counter-productive.

If there is interest (multiple contributors would be happily accepted),
I would write an output plugin for rsyslog that gathers this data. It
would be very useful to have at least one high-volume environment inside
the sample.

Please let me know if you could contribute to this effort. Your help
would be deeply appreciated.

Thanks,
Rainer
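As an added example (not the rsyslog output plugin Rainer describes, and not part of this post), the following Python script derives the requested one-line-per-second file from raw syslog lines and applies a simple volume-based alert on top of it. The sample log lines, the timestamp layout, and the thresholds are constructed assumptions for illustration.

```python
"""Per-second syslog volume series and a simple rate-based alert.

Added example: builds "timestamp count" entries from raw syslog lines,
emitting one entry for every second (zero-count seconds included, so
silent gaps stay visible in the series), then flags seconds whose count
jumps far above the rolling median of the preceding seconds.
"""
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: BSD-style syslog lines, timestamp in the first 15 chars.
SAMPLE_LOG = """\
Mar  3 10:00:00 host1 sshd[100]: Accepted publickey for alice
Mar  3 10:00:00 host1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:00:01 host2 kernel: eth0: link up
Mar  3 10:00:03 host1 sshd[101]: Failed password for invalid user admin
Mar  3 10:00:03 host1 sshd[102]: Failed password for invalid user admin
Mar  3 10:00:03 host1 sshd[103]: Failed password for invalid user admin
Mar  3 10:00:03 host1 sshd[104]: Failed password for invalid user admin
Mar  3 10:00:04 host2 sudo: bob : TTY=pts/0 ; COMMAND=/bin/ls
"""

def per_second_counts(lines, year=2024):
    """Return [(iso_timestamp, count), ...] with one entry per second, no gaps."""
    counts = Counter()
    for line in lines:
        if len(line) < 15:
            continue  # not a syslog line we can timestamp
        stamp = " ".join(line[:15].split())  # collapse "Mar  3" to "Mar 3"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        counts[ts] += 1
    if not counts:
        return []
    t, end, series = min(counts), max(counts), []
    while t <= end:  # walk every second so zero-count seconds are emitted too
        series.append((t.strftime("%Y-%m-%dT%H:%M:%S"), counts.get(t, 0)))
        t += timedelta(seconds=1)
    return series

def volume_alerts(series, window=3, factor=3, min_count=4):
    """Flag seconds whose count exceeds factor x the median of the prior window.

    min_count suppresses alerts on tiny absolute volumes; the median baseline
    resists being dragged up by a single earlier burst.
    """
    alerts = []
    for i in range(window, len(series)):
        baseline = median(c for _, c in series[i - window:i])
        ts, count = series[i]
        if count >= min_count and count > factor * max(baseline, 1):
            alerts.append((ts, count, baseline))
    return alerts
```

Writing `series` out as `f"{ts} {count}"` lines yields exactly the two-field file the post asks for.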