Re: [loganalysis] Logging standards and such

From: Tina Bird (tbird@precision-guesswork.com)
Date: Thu Aug 16 2001 - 07:51:18 PDT


    Dudes -- A data format specification doesn't need to
    specify the transport layer, so to some extent the
    discussion of the best way to get the logging data from
    the client to the loghost is not part of a log format
    spec.  
    
    The main difficulty I see with data formats in log 
    messages is that they might turn into MIBs.  It would
    be nice to have some sort of agreement amongst application
    and OS developers on what kinds of messages get sent to
    the various syslog priorities -- it continually amazes
    me that there's not more guidance available -- and more
    effort to guarantee that everything that logs to syslog
    includes the sort of basic information, like timestamps,
    unique service names (there are a horrifying number of
    things that speak syslog that don't identify themselves),
    host identifiers...
    
    So maybe we could reach consensus on the categories of
    events that fall into different syslog priorities, for
    a start?
    
    On Thu, 16 Aug 2001, Jose Nazario wrote:
    
    > Date: Thu, 16 Aug 2001 09:47:56 -0400 (EDT)
    > From: Jose Nazario <joseat_private>
    > To: Corey Steele <CSteele@good-sam.com>
    > Cc: michielat_private, edward.j.sargissonat_private,
    >     loganalysisat_private
    > Subject: Re: [loganalysis] Logging standards and such
    > 
    > On Wed, 15 Aug 2001, Corey Steele wrote:
    > 
    > > Why not https?  Why not SSH tunnels?
    > 
    > please go learn SSL/TLS basics. HTTPS is *one* implementation of a
    > protocol over SSL.
    > 
    > 
    > SSL and TLS Essentials: Securing the Web
    > by Stephen A. Thomas
    > ISBN: 0471383546
    > 
    > thanks. hopefully you'll see that many of your conclusions are based on
    > what may very well be a poor understanding of what TLS/SSL are and how
    > they work. while an application would have to learn how to speak SSL/TLS to
    > use it natively, various wedge applications can do the SSL tunneling,
    > negotiation etc for naive apps or ones you can't force SSL into (ie no
    > source).
    > 
    > hope that helps. (FWIW, for VPNs i prefer IPsec tunnels.)
    > 
    > ____________________________
    > jose nazario						     joseat_private
    > 	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    > 				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
    > 
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    > 
    
    VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
    life: http://kubarb.phsx.ukans.edu/~tbird
    work: http://www.counterpane.com
    
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 09:56:31 PDT
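
Added example, not part of the original post or of any project mentioned in it: a small audit that checks raw syslog messages for the basic fields the message above asks for (priority, timestamp, host identifier, service name). It assumes the classic BSD syslog layout `<PRI>Mmm dd hh:mm:ss HOST TAG[pid]: text`; the names `audit` and `gaps_by_field` and the sample messages are constructed for illustration.

```python
import re
from collections import Counter

# Assumed wire layout (classic BSD syslog): <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: text
PRI_RE = re.compile(r"^<(\d{1,3})>")
CHECKS = (
    ("timestamp", re.compile(r"^((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
                             r" [ \d]\d \d\d:\d\d:\d\d) ")),
    ("host", re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*) ")),
    ("service", re.compile(r"^([A-Za-z0-9_./-]{1,32})(?:\[\d+\])?: ")),
)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def audit(line):
    """Return (fields, missing) for one raw syslog message."""
    fields, missing, rest = {}, [], line
    m = PRI_RE.match(rest)
    if m and int(m.group(1)) <= 191:          # 24 facilities * 8 severities
        pri = int(m.group(1))
        fields["facility"], fields["severity"] = pri >> 3, SEVERITIES[pri & 7]
        rest = rest[m.end():]
    else:
        missing.append("priority")
    # Fields are positional, so consume them left to right. Heuristic: without a
    # timestamp or tag, the first word of free text can be mistaken for a host.
    for name, rx in CHECKS:
        m = rx.match(rest)
        if m:
            fields[name] = m.group(1)
            rest = rest[m.end():]
        else:
            missing.append(name)
    fields["text"] = rest
    return fields, missing

def gaps_by_field(lines):
    """Count how many messages lack each basic field."""
    return Counter(name for line in lines for name in audit(line)[1])

# Constructed sample messages, not taken from any real host.
SAMPLES = [
    "<38>Aug 16 07:51:18 loghost sshd[4211]: Accepted password for alice",
    "<13>Aug 16 07:51:19 fw1 link down on port 3",
    "<34>su: authentication failure for root",
    "UPS: battery low",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line)[1] or "ok", "|", line)
    print(dict(gaps_by_field(SAMPLES)))
```

Run over a loghost's raw input, the per-field counts show which senders omit a service name or host identifier before any parsing or correlation rule depends on them.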