Screen shots of ebuzzsaw


This is the main menu for the user interface.

From the main menu we choose report #8, which shows any issues over the last x seconds/minutes/hours/days/months/years. Here we have chosen 1.1 days.


We notice on the above report that one of the NT machines has two 'security' issues, which we would like to know more about. We drill down into the report by following the 'security' hyperlink in the 'source' column for host 'ro'.

We now go back to report #8, as we also noticed that 'sshd2' was complaining, so we follow that hyperlink on report #8 to get the 'sshd2' detail. The detail shows that someone was trying to log into this UNIX server using a wrong user name. We can now ascertain whether this is an issue and take corrective steps.

Going back to the main menu, we now want to review the network as a whole and look at the general information, so we choose report #5. This shows all our equipment, their logs, and the process that created each log message. This view also shows, via bar graph, the quantity of log entries for the time period we are looking at.

We noticed from report #5 that sudo had logged an issue, so we drill down from that report to see that a bad sudo password had been attempted on one of our UNIX machines. This might have been an admin forgetting their password, or maybe we should investigate a little deeper.

From report #8 we choose to look at one of our routers. The screen shot to the left has been broken in two, as it can't be scrolled the way it normally would be in the browser. Note that on the bottom shot of the table (right-hand image of the two) there are controls for selecting which group of 100 entries is displayed, and navigation buttons for the displayed data/logs.

From report #8 we notice that one of our DNS machines has been logging some items, so we drill down to see that all is well, although some issues may need to be addressed when time allows.

We can go back to the main menu at any time, and/or have multiple browser windows open if we wish to compare or investigate multiple log entries at the same time.

From the main menu, we now want to search for issues with our UNIX machines regarding "cpu, memory or hard disks", so we choose report #100. All looks well.

Back to the main menu, and now we want to look for bad log-in attempts against our NT machines. We choose report #529 over the last 6.0 hours and get this report. From here we can drill down to see the detail.

This is the detail report resulting from the drill-down we did from report #529. It shows that we had 34 bad log-in attempts against one of our NT machines. The detail shows that an attempt on the 'administrator' account has taken place from a machine called "labview2". This should not be, and will prompt further investigation.

Back at the main menu we choose to see the total number of log messages collected. This machine has collected a little over 13,000,000 logs at this point.

We now want to see a summation of the logs being collected, by host and by log priority. From the main menu we choose report #901, which shows a table of how many logs were collected over the last x seconds/minutes/hours/days/months/years. Here we have chosen 1.0 hours.
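The screenshots above all follow the same pattern: pick a time window, count log entries per host and source (report #8), per host and syslog priority (report #901), and drill down from one cell of the summary to the raw messages behind it (the 'sshd2', sudo and NT 'security' details). The following is an added example and not ebuzzsaw's own code; it models that workflow over a handful of constructed syslog-style lines. The hostnames, timestamps, PRI values and message texts are made up for the example (the "529 Logon Failure" wording mirrors the Windows NT security event the page's report #529 is named after), and the `failed_auth_by_host` threshold check is an assumption about how one might flag the kind of repeated bad log-in attempts the page describes.

```python
"""Added example (not ebuzzsaw's code): time-window filter, per-host/per-source
and per-host/per-priority summaries, and a drill-down to the detail lines."""

import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, layout: <PRI>YYYY-MM-DD HH:MM:SS host source: message
# PRI = facility*8 + severity (RFC 3164); e.g. <38> = auth.info, <33> = auth.alert
SAMPLE_LOGS = """\
<38>2004-03-10 09:58:01 unix1 sshd2: Invalid user admin from 192.0.2.10
<38>2004-03-10 09:58:05 unix1 sshd2: Invalid user test from 192.0.2.10
<33>2004-03-10 10:02:17 unix1 sudo: bob : 3 incorrect password attempts ; TTY=pts/0 ; COMMAND=/bin/su
<12>2004-03-10 10:05:00 ro security: 529 Logon Failure: Unknown user name or bad password User: administrator Workstation: labview2
<12>2004-03-10 10:05:03 ro security: 529 Logon Failure: Unknown user name or bad password User: administrator Workstation: labview2
<30>2004-03-10 10:06:00 dns1 named: lame server resolving 'example.org'
<30>2004-03-09 10:06:00 dns1 named: lame server resolving 'example.net'
"""

# Constructed "now" so the window arithmetic is reproducible offline
EXAMPLE_NOW = datetime(2004, 3, 10, 10, 10, 0)

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<source>[^:]+): (?P<msg>.*)$"
)

# Syslog severity names, indexed by PRI & 7
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Message fragments treated as failed authentication (assumption for this example)
FAILED_AUTH = re.compile(r"Invalid user|incorrect password|529 Logon Failure")


def parse(text):
    """Turn the raw lines into records; lines that don't fit the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "host": m["host"],
            "source": m["source"],
            "severity": SEVERITY[int(m["pri"]) & 7],
            "msg": m["msg"],
        })
    return records


def in_window(records, now, hours):
    """Keep only records from the last `hours` hours (the report's x-hours selector)."""
    cutoff = now - timedelta(hours=hours)
    return [r for r in records if cutoff <= r["ts"] <= now]


def by_host_source(records):
    """Report #8 style summary: entries per (host, source)."""
    return Counter((r["host"], r["source"]) for r in records)


def by_host_priority(records):
    """Report #901 style summary: host -> {severity: count}."""
    table = defaultdict(Counter)
    for r in records:
        table[r["host"]][r["severity"]] += 1
    return {h: dict(c) for h, c in table.items()}


def drill_down(records, host, source):
    """Detail behind one summary cell: the raw messages for host + source."""
    return [r["msg"] for r in records if r["host"] == host and r["source"] == source]


def failed_auth_by_host(records, threshold=1):
    """Hosts with at least `threshold` failed-authentication messages in the window."""
    counts = Counter(r["host"] for r in records if FAILED_AUTH.search(r["msg"]))
    return {h: n for h, n in counts.items() if n >= threshold}


def run_example(hours=6.0, now=EXAMPLE_NOW):
    """Build every view the page walks through, for one time window."""
    window = in_window(parse(SAMPLE_LOGS), now, hours)
    return {
        "by_host_source": by_host_source(window),
        "by_host_priority": by_host_priority(window),
        "security_detail": drill_down(window, "ro", "security"),
        "failed_auth": failed_auth_by_host(window, threshold=2),
    }


if __name__ == "__main__":
    for name, view in run_example().items():
        print(name, view)
```

With the 6.0-hour window used for report #529 on the page, the day-old `dns1` line drops out, `ro` shows two 'security' entries that drill down to the two 529 messages naming the 'administrator' account and workstation "labview2", and both `unix1` and `ro` cross the failed-authentication threshold; widening the window to 1.1 days brings the older `dns1` entry back in.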