Log Analysis - Functions and Technologies

Functions and Technologies

Pattern recognition is the function of selecting incoming messages and comparing them against a pattern book in order to filter them or handle them in different ways.

Normalization is the function of converting message parts to the same format (e.g. a common date format or a normalized IP address).

Classification and tagging is the function of ordering messages into different classes or tagging them with different keywords for later use (e.g. filtering or display).
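The three functions described above (pattern recognition against a pattern book, normalization of timestamps and IP addresses, and classification with tags) fit naturally into one pipeline. The following is an added example, not code from the original page: the log lines, the pattern book and the tag names are constructed for illustration, and the three input formats are assumptions chosen only to show normalization across differing sources.

```python
import re
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed sample log lines in three different formats (not from any real system).
SAMPLE_LINES = [
    "Jan 05 2024 10:15:02 sshd[1234]: Failed password for root from 203.0.113.45 port 51022 ssh2",
    "2024-01-05T10:15:03Z firewall: DROP src=203.0.113.045 dst=10.0.0.5 proto=tcp dport=22",
    "05/Jan/2024:10:15:04 +0000 webapp: GET /login 200 client=2001:db8:0:0:0:0:0:1",
]

# Pattern book: (class name, regex with named groups, tags to attach). First match wins.
PATTERN_BOOK = [
    ("auth_failure",
     re.compile(r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
                r"Failed password for (?P<user>\S+) from (?P<ip>\S+)"),
     ["auth", "failure"]),
    ("fw_drop",
     re.compile(r"^(?P<ts>\S+) firewall: DROP src=(?P<ip>\S+) dst=\S+"),
     ["network", "blocked"]),
    ("web_request",
     re.compile(r"^(?P<ts>\S+ \+\d{4}) webapp: (?P<method>\S+) (?P<path>\S+) "
                r"(?P<status>\d{3}) client=(?P<ip>\S+)"),
     ["web"]),
]

# Timestamp layouts the sources above use; all are normalized to ISO 8601 in UTC.
TS_FORMATS = ["%b %d %Y %H:%M:%S", "%Y-%m-%dT%H:%M:%SZ", "%d/%b/%Y:%H:%M:%S %z"]


def normalize_timestamp(raw):
    """Parse any known layout and return an ISO 8601 string with an explicit UTC offset."""
    for fmt in TS_FORMATS:
        try:
            dt = datetime.strptime(raw, fmt)
        except ValueError:
            continue
        if dt.tzinfo is None:          # naive layouts are assumed to be UTC
            dt = dt.replace(tzinfo=timezone.utc)
        return dt.isoformat()
    raise ValueError(f"unrecognized timestamp: {raw!r}")


def normalize_ip(raw):
    """Strip leading zeros from IPv4 octets and compress IPv6 so equal hosts compare equal."""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", raw):
        raw = ".".join(str(int(octet)) for octet in raw.split("."))
    return str(ip_address(raw))


def classify(line):
    """Match a line against the pattern book; return a normalized, tagged record."""
    for cls, pattern, tags in PATTERN_BOOK:
        m = pattern.match(line)
        if m is None:
            continue
        fields = m.groupdict()
        fields["ts"] = normalize_timestamp(fields["ts"])
        fields["ip"] = normalize_ip(fields["ip"])
        return {"class": cls, "tags": list(tags), **fields, "raw": line}
    # Unmatched lines are kept, not dropped, so that new message types stay visible.
    return {"class": "unmatched", "tags": ["unknown"], "raw": line}


if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        rec = classify(ln)
        print(rec["class"], rec["tags"], rec.get("ts"), rec.get("ip"))
```

Lines that match nothing in the pattern book are deliberately returned with the class `unmatched` rather than discarded, since an unknown message type is exactly what the later sections on correlation and artificial ignorance want to surface.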

Correlation analysis is a technology for collecting messages from different systems and finding all the messages that belong to one single event (e.g. messages generated by malicious activity on different systems: network devices, firewalls, servers, etc.). It is usually connected with an alerting system.
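One simple form of correlation is to group already-normalized events that share a common key (here the source IP address) and fall within a short time window of each other, then raise an alert only when the resulting chain spans more than one system. The following is an added example, not code from the original page; the events, system names and the 60-second window are constructed assumptions, and the input is assumed to have already gone through normalization so that timestamps are ISO 8601 in UTC and IP addresses are in canonical form.

```python
from datetime import datetime, timedelta

# Constructed, already-normalized events from three systems (not real telemetry).
EVENTS = [
    {"ts": "2024-01-05T10:15:02+00:00", "system": "bastion-ssh",   "ip": "203.0.113.45", "class": "auth_failure"},
    {"ts": "2024-01-05T10:15:03+00:00", "system": "edge-firewall", "ip": "203.0.113.45", "class": "fw_drop"},
    {"ts": "2024-01-05T10:15:40+00:00", "system": "webapp-01",     "ip": "203.0.113.45", "class": "web_request"},
    {"ts": "2024-01-05T10:20:00+00:00", "system": "webapp-01",     "ip": "198.51.100.7", "class": "web_request"},
    {"ts": "2024-01-05T11:00:00+00:00", "system": "bastion-ssh",   "ip": "203.0.113.45", "class": "auth_failure"},
]


def correlate(events, key="ip", window=timedelta(seconds=60)):
    """Group events with the same key value into chains.

    A new event joins the open chain for its key if it arrives within `window`
    of that chain's most recent event; otherwise it starts a new chain.
    """
    groups = []
    open_chain = {}   # key value -> the chain currently accepting events
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        chain = open_chain.get(ev[key])
        if chain is None or ts - chain["last"] > window:
            chain = {"key": ev[key], "events": [], "systems": set(), "last": ts}
            groups.append(chain)
            open_chain[ev[key]] = chain
        chain["events"].append(ev)
        chain["systems"].add(ev["system"])
        chain["last"] = ts
    return groups


def cross_system_incidents(groups, min_systems=2):
    """Alerting rule: only chains observed on at least `min_systems` distinct systems are raised."""
    return [g for g in groups if len(g["systems"]) >= min_systems]


if __name__ == "__main__":
    for inc in cross_system_incidents(correlate(EVENTS)):
        print(inc["key"], sorted(inc["systems"]), [e["class"] for e in inc["events"]])
```

The window is measured from the chain's most recent event rather than its first, so a slow sequence of related events is kept together while an unrelated event from the same address an hour later starts a fresh chain. In the constructed data this yields three chains, of which only the first (one address seen by the bastion, the firewall and the web server within a minute) passes the multi-system rule.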

Artificial ignorance is a process of discarding log entries which are known to be uninteresting. Artificial ignorance is a method to detect the anomalies in a working system. In log analysis, this means recognizing and ignoring the regular, common log messages that result from the normal operation of the system, and therefore are not very interesting. However, new messages that have not appeared in the logs before can signal important events, and should therefore be investigated.
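A practical way to apply artificial ignorance is to reduce each message to a template by masking its variable parts (numbers, addresses), record the templates seen during normal operation as the baseline, and then report only lines whose template is absent from that baseline. The following is an added example, not code from the original page: the baseline lines, the new batch and the masking rules are constructed for illustration, and the choice of what counts as a "variable part" is an assumption that would be tuned per log source.

```python
import re

# Constructed baseline: lines collected during a period of normal operation (not real logs).
BASELINE_LINES = [
    "cron[412]: (root) CMD (/usr/bin/backup.sh)",
    "cron[519]: (root) CMD (/usr/bin/backup.sh)",
    "sshd[1201]: Accepted publickey for deploy from 10.0.0.8 port 40212 ssh2",
    "sshd[1388]: Accepted publickey for deploy from 10.0.0.9 port 40990 ssh2",
    "systemd[1]: Started Daily apt download activities.",
]

# Constructed new batch to screen: three routine lines and two never seen before.
NEW_LINES = [
    "cron[777]: (root) CMD (/usr/bin/backup.sh)",
    "sshd[2090]: Accepted publickey for deploy from 10.0.0.8 port 41000 ssh2",
    "sshd[2091]: Accepted password for root from 203.0.113.45 port 51022 ssh2",
    "systemd[1]: Started Daily apt download activities.",
    "kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd",
]

# Masking rules, applied in order: addresses first so their digits are not masked piecemeal.
MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<hex>"),
    (re.compile(r"\d+"), "<n>"),
]


def template(line):
    """Collapse the variable parts of a message so routine lines share one template."""
    for pattern, replacement in MASKS:
        line = pattern.sub(replacement, line)
    return line


def build_baseline(lines):
    """Count how often each template appeared during known-normal operation."""
    counts = {}
    for ln in lines:
        key = template(ln)
        counts[key] = counts.get(key, 0) + 1
    return counts


def screen(lines, baseline):
    """Return (novel_lines, ignored_count): a line is novel if its template is not in the baseline."""
    novel, ignored = [], 0
    for ln in lines:
        if template(ln) in baseline:
            ignored += 1
        else:
            novel.append(ln)
    return novel, ignored


if __name__ == "__main__":
    base = build_baseline(BASELINE_LINES)
    novel_lines, ignored_count = screen(NEW_LINES, base)
    print(f"ignored {ignored_count} routine lines; {len(novel_lines)} need a look:")
    for ln in novel_lines:
        print("  ", ln)
```

Two design points matter in practice. The baseline must be built from a period believed to be clean, since anything present while it was collected becomes "normal" and is silently ignored afterwards. And novelty is a reason to look, not a verdict: in the constructed batch both the password-based login as root and the new USB device are surfaced, and a human or a downstream rule decides which of them matters.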
