Screenshots of ebuzzsaw

This is the main menu for the user interface.

From the main menu we choose report #8, which shows any issues over the last x-sec/mins/hours/days/months/years. Here we have chosen 1.1 days.
We notice on the above report that one of the NT machines has two 'security' issues, which we would like to know more about. One drills down into the report by following the hyperlink 'security' in the 'source' column for host 'ro'.


We now go back to report #8, as we also noticed that 'sshd2' was complaining, so we follow that hyperlink on report #8 to get the 'sshd2' detail. We see in the detail that someone was trying to log into this UNIX server using a wrong user name. We can now ascertain whether this is an issue and take corrective steps.
Going back to the main menu, we now want to review the network as a whole and look at the general info, so we choose report #5. This shows all our equipment, their logs and the process that created each log message. This view also shows, via a bar graph, the quantity of log entries for the time period we are looking at.

We noticed from report #5 that sudo had logged an issue, so we drill down from that report to see that a bad sudo password had been attempted against one of our UNIX machines. This might have been an admin forgetting their password, or maybe we should investigate this a little deeper.


From report #8 we choose to look at one of our routers. The screenshots to the left have been broken in two, as they can't be scrolled the way they normally would be in the browser. Note that on the bottom shot of the table (the right-hand image of the two) there are controls for selecting which group of 100 entries is displayed, and the navigation buttons used for the displayed data/logs.
From report #8 we notice that one of our DNS machines has been logging some items, so we drill down to see that all is well, although some issues may need to be addressed when time allows.

We can go back to the main menu at any time, and/or have multiple browser windows open if we wish to compare or investigate multiple log entries at the same time.


From the main menu, we now would like to search for issues with our UNIX machines regarding "cpu, memory or hard disks", so we choose report #100. All looks well.
Back to the main menu, and now we want to look for bad login attempts against our NT machines. We choose report #529 over the last 6.0 hours and get this report. From here we can drill down to see the detail.


This is the detail report that results from the drill-down we did from report #529. It shows that we had 34 bad login attempts against one of our NT machines, including an attempt on the 'administrator' account from a machine called "labview2". This should not be happening and will prompt further investigation.
Back at the main menu we choose to see the total number of log messages collected. This machine has collected a little over 13,000,000 logs at this point.


We now want to see a summary of the logs being collected, by host and by log priority. From the main menu we choose report #901, which shows a table of how many logs were collected over the last x-sec/mins/hours/days/months/years. Here we have chosen 1.0 hours.
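As an added example (not ebuzzsaw's own code), the following Python sketch reproduces the review workflow in the captions above: parse syslog lines, restrict them to a time window, count issue-looking messages per host and source as report #8 does, drill down on one host/source pair, and tally logs by host and priority as report #901 does. The log lines, the "current time", the issue patterns and all function names are constructed assumptions.

```python
"""Toy re-implementation of the ebuzzsaw report/drill-down workflow shown above.
Constructed sample data; the issue patterns and function names are assumptions."""
import re
from collections import Counter
from datetime import datetime, timedelta

# RFC 3164 style: <PRI>Mon DD HH:MM:SS host program[pid]: message (constructed samples)
LINE_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<source>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Message patterns the overview report (like report #8) treats as "issues" - assumed list
ISSUE_PATTERNS = [re.compile(p, re.I) for p in (
    r"invalid user", r"incorrect password", r"Logon Failure", r"authentication failure")]

SAMPLE_LOGS = """\
<38>Mar 10 09:01:02 ro security[529]: Logon Failure: user administrator from labview2
<38>Mar 10 09:01:09 ro security[529]: Logon Failure: user administrator from labview2
<86>Mar 10 09:03:40 unix1 sshd2[4102]: invalid user oracle from 10.0.0.7
<85>Mar 10 09:05:11 unix1 sudo[4120]: bob : 1 incorrect password attempt ; TTY=pts/0
<30>Mar 10 09:10:00 dns1 named[77]: zone example.test/IN: loaded serial 2024031001
<30>Mar 10 06:00:00 unix1 cron[99]: (root) CMD run-parts /etc/cron.hourly
""".splitlines()
NOW = datetime(2024, 3, 10, 9, 30)  # constructed "current time" for the window selector

def parse(line, year=2024):
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are dropped from the reports
    pri = int(m["pri"])
    return {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"], "source": m["source"], "msg": m["msg"],
            "priority": SEVERITY[pri & 7], "facility": pri >> 3}

def in_window(entries, now, hours):
    """Keep entries from the last N hours: the 'x-sec/mins/hours/days' selector."""
    cutoff = now - timedelta(hours=hours)
    return [e for e in entries if cutoff <= e["ts"] <= now]

def issues_by_host_source(entries):
    """Report #8 style overview: count issue-looking messages per (host, source)."""
    return Counter((e["host"], e["source"]) for e in entries
                   if any(p.search(e["msg"]) for p in ISSUE_PATTERNS))

def drill_down(entries, host, source):
    """Follow the 'source' hyperlink for one host: the detail view."""
    return [e for e in entries if e["host"] == host and e["source"] == source]

def count_by_host_priority(entries):
    """Report #901 style summary: how many logs per host per priority."""
    return Counter((e["host"], e["priority"]) for e in entries)
```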