Perhaps it would be worth considering a third profile for syslog-reliable <ftp://ftp.isi.edu/internet-drafts/draft-ietf-syslog-reliable-12.txt> based on the COOKED profile, which places elements within the <entry>..</entry> tag. This allows one to piggyback on the benefits of syslog-reliable, while utilizing XML to handle the encoding of the log formats. Or even extending the COOKED profile to allow for unformatted AND XML data between the <entry> and </entry> tags.

--
J. Gregory Wright
Senior Software Engineer
AT&T Information Security Center

-----Original Message-----
From: Corey Steele [mailto:CSteele@good-sam.com]
Sent: Wednesday, August 15, 2001 9:19 AM
To: edward.j.sargissonat_private; loganalysisat_private
Subject: Re: [loganalysis] Logging standards and such

Edward...

I was thinking about this too! I think my motivation was slightly different (I'm currently researching IDS & Data Fusion theory, and this is one problem with the data fusion half of that field) but I think the desire for contiguous logging standards is valid!

Is there other interest in this? (Speak up!)

-C

Corey J. Steele, Security Analyst
Good Samaritan Society
e-mail: csteele@good-sam.com
voice: (605) 362-3899

>>> <edward.j.sargissonat_private> 08/13/01 05:17PM >>>
I've been following the discussion of various logging standards, storage daemons and parsers. There appears to be a plethora of different log formats and a need to be able to monitor what is happening from a central point. However there doesn't seem to be a well-known common standard.

Why don't we have a look at defining a common logging standard ourselves? We could then write little adaptors which hook into the custom formats and spit out our common standard. On top of that we can write standard parsing engines that can look at all the traffic and pass it through to standard interface tools (e.g. GUI or mail).

I imagine there's enough talent here to do a good job. What do you think?

Edward (I speak for myself and not my firm).
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
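
The mixed-content idea raised in the first message (unformatted and XML data between <entry> and </entry>), as an added example that is not part of the original thread or of the syslog-reliable draft: a Python parser that normalises plain, structured and mixed entries into one record and refuses DTDs before parsing. The attribute names, the child elements <user> and <action>, and the sample entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Attribute names and the child elements <user> and
# <action> are hypothetical; they are not taken from the draft.
PLAIN = ("<entry facility='24' severity='5' hostname='ductwork' tag='su'>"
         "'su root' succeeded for cathy on /dev/ttyp0</entry>")
STRUCTURED = ("<entry facility='24' severity='5' hostname='ductwork' tag='su'>"
              "<user>cathy</user><action>su root</action></entry>")
MIXED = ("<entry facility='24' severity='5' hostname='ductwork' tag='su'>"
         "su succeeded <user>cathy</user> on /dev/ttyp0</entry>")


def parse_entry(payload: str) -> dict:
    """Normalise one <entry> into header attributes, free text and fields."""
    # Log payloads are attacker-influenced: refuse DTDs so entity
    # declarations never reach the XML parser.
    if "<!DOCTYPE" in payload or "<!ENTITY" in payload:
        raise ValueError("DTD not allowed in log entry")
    root = ET.fromstring(payload)
    if root.tag != "entry":
        raise ValueError("expected <entry>, got <%s>" % root.tag)
    # Unformatted data: text directly under <entry>, including text that
    # trails a child element (ElementTree stores that in child.tail).
    parts = [root.text or ""] + [child.tail or "" for child in root]
    message = " ".join(" ".join(parts).split())
    # Structured data: one field per child element.
    fields = {child.tag: (child.text or "").strip() for child in root}
    return {"header": dict(root.attrib), "message": message, "fields": fields}


if __name__ == "__main__":
    for sample in (PLAIN, STRUCTURED, MIXED):
        print(parse_entry(sample))
```
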
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 15:44:24 PDT