Re: [loganalysis] Logging standards and such

From: Corey Steele (CSteele@good-sam.com)
Date: Wed Aug 15 2001 - 12:16:47 PDT


    XML, yes; HTTPS, no.
    
    Why not https?  Why not SSH tunnels?  
    1) SSH Tunnels are simpler to set up.
    2) SSH is more widely available (i.e. more likely to exist on a wider range of systems)
    3) SSH isn't bound to the antiquated standards of data transfer that are imposed by HTTPS.  Yes, implementing a read/write packet-level protocol won't be as easy to implement, but it could prove to be faster and more portable.
    
    Am I vexed on re-inventing the wheel?  No.  Do I think https is a *bad* idea?  No, just not a *good* idea.
    
    Just my $0.02.
    
    -C
    
    
    Corey J. Steele, Security Analyst
    Good Samaritan Society
    e-mail: csteele@good-sam.com
    voice: (605) 362-3899
    
    
    >>> <edward.j.sargissonat_private> 08/14/01 06:19PM >>>
    
    Oh, I agree. It almost certainly should be in XML. However, we would still
    need to define a useful DTD.
    
    The HTTPS idea is a good one - although are there not processor overhead
    issues we need to worry about?
    
    Edward
    
    
    
    
    Michiel van der Kraats <michielat_private> on 15/08/2001 10:21:10
    
    Please respond to michielat_private 
    
    To:    Edward J Sargisson/NZ/MCS/PwC@AsiaPac
    cc:    loganalysisat_private 
    Subject:    Re: [loganalysis] Logging standards and such
    
    
    edward.j.sargissonat_private wrote:
    >
    > Why don't we have a look at defining a common logging standard ourselves?
    > We could then write little adaptors which hook into the custom formats and
    > spit out our common standard. On top of that we can write standard parsing
    > engines that can look at all the traffic and pass it through to standard
    > interface tools (e.g. GUI or mail).
    >
    > What do you think?
    >
    
    Without sounding like a zealot, maybe using XML for something like this
    is a good idea? Tools are easy enough to come by (Perl et al), it's
    standardized, self-descriptive and easily extendable. We could use https
    as a secure transport to a central logging server.
    
    --
    Michiel van der Kraats
    
    
    
    
    
    
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private 
    For additional commands, e-mail: loganalysis-helpat_private 
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 15:40:30 PDT