
Weekly Report - 14/8/15

17 Aug 2015

Added the functionality of comparing a time window across both logs to see how events within that period relate to each other. This way the part which matches a single event against a window can be used to break the period down further.

Have learnt that, with the repetitiveness of log files, a lot of the connections that were being added as tokens weren't really telling us anything, so those were ignored and blacklisted to see what could be connected. For example, just looking at IP addresses, and further breaking that down to IP addresses not on the 130.217 network.

To see if we can find anything really useful, other logs are being considered, since we want to see if a useful event could be detected. As an example, from the syslog we could possibly detect a power outage if we saw that two machines rebooted in the same log at the same time period, etc.
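As an added illustration (not code from this project), the following sketch shows the windowed comparison described above: it tokenises two constructed syslog-style samples, drops blacklisted filler tokens, lists IP addresses outside 130.217/16, and reports pairs of lines from the two hosts that share several tokens within a time window, which is how a simultaneous reboot on two machines would surface. The sample lines, the blacklist, the 30-second window and the minimum of three shared tokens are all assumptions made for this example.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in syslog format from two hosts (not real logs).
LOG_A = """Aug 14 03:12:01 hostA sshd[2201]: Accepted publickey for alice from 130.217.5.9 port 51022
Aug 14 03:14:40 hostA kernel: Booting Linux on physical CPU 0x0
Aug 14 03:20:11 hostA sshd[2250]: Failed password for root from 203.0.113.7 port 40011"""

LOG_B = """Aug 14 03:11:58 hostB sshd[1188]: Accepted publickey for bob from 130.217.8.21 port 50201
Aug 14 03:14:52 hostB kernel: Booting Linux on physical CPU 0x0
Aug 14 04:02:00 hostB sshd[1302]: Failed password for admin from 198.51.100.4 port 39001"""

LOCAL_NET = ip_network("130.217.0.0/16")          # the "130.217 network" from the report
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TOKEN_RE = re.compile(r"[A-Za-z0-9.]+")
# Tokens that appear in nearly every line carry no signal, so they are blacklisted (assumed set).
BLACKLIST = {"sshd", "kernel", "for", "from", "port", "on"}


def parse(log, year=2015):
    """Return (timestamp, host, token_set, message) for each syslog-style line."""
    events = []
    for line in log.splitlines():
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host, msg = line[16:].split(" ", 1)
        tokens = set(TOKEN_RE.findall(msg)) - BLACKLIST
        events.append((ts, host, tokens, msg))
    return events


def external_ips(events):
    """IP addresses mentioned in the messages that are not on the local 130.217/16 network."""
    found = set()
    for _, _, _, msg in events:
        for addr in IP_RE.findall(msg):
            if ip_address(addr) not in LOCAL_NET:
                found.add(addr)
    return found


def correlate(events_a, events_b, window=timedelta(seconds=30), min_shared=3):
    """Pairs of events from the two logs that fall within `window` of each other
    and share at least `min_shared` non-blacklisted tokens."""
    hits = []
    for ts_a, host_a, tok_a, _ in events_a:
        for ts_b, host_b, tok_b, _ in events_b:
            shared = tok_a & tok_b
            if abs(ts_a - ts_b) <= window and len(shared) >= min_shared:
                hits.append((ts_a, host_a, ts_b, host_b, sorted(shared)))
    return hits
```

On the sample data only the two "Booting Linux" lines (12 seconds apart) correlate; the two ssh logins are within the window but share too few tokens once the filler is removed.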