Re: [loganalysis] Logging standards and such

• Previous message: 'Nate Campi': "Re: [loganalysis] Re: Central syslog server best practices?"
• Maybe in reply to: edward.j.sargissonat_private: "[loganalysis] Logging standards and such"
• Next in thread: Chris Calabrese: "RE: [loganalysis] Logging standards and such"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Edward... 

I was thinking about this too!  I think my motivation was slightly different (I'm currently researching IDS & Data Fusion theory, and this is one problem with the data fusion half of that field) but I think the desire for contiguous logging standards is valid!

Is there other interest in this?  (Speak up!)

-C

Corey J. Steele, Security Analyst
Good Samaritan Society
e-mail: csteele@good-sam.com
voice: (605) 362-3899


>>> <edward.j.sargissonat_private> 08/13/01 05:17PM >>>
I've been following the discussion of various logging standards, storage
daemons and parsers.

There appears to be a plethora of different log formats and a need to be
able to monitor what is happening from a central points.
However there doesn't seem to be a well-known common standard.

Why don't we have a look at defining a common logging standard ourselves?
We could then write little adaptors which hook into the custom formats and
spit out our common standard. On top of that we can write standard parsing
engines that can look at all the traffic and pass it through to standard
interface tools (e.g. GUI or mail).

I imagine there's enough talent here to do a good job.

What do you think?

Edward

(I speak for myself and not my firm).
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private 
For additional commands, e-mail: loganalysis-helpat_private 



---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

• Next message: Chris Calabrese: "RE: [loganalysis] Logging standards and such"
• Previous message: 'Nate Campi': "Re: [loganalysis] Re: Central syslog server best practices?"
• Maybe in reply to: edward.j.sargissonat_private: "[loganalysis] Logging standards and such"
• Next in thread: Chris Calabrese: "RE: [loganalysis] Logging standards and such"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 11:20:22 PDT