Re: [loganalysis] why read your logs?

From: John Kinsella (jlkat_private)
Date: Mon Sep 10 2001 - 23:09:58 PDT

  • Next message: Lance Spitzner: "Re: [loganalysis] why read your logs?"

    Try this one on - it starts romantic but turns business-like.
    Success depends on the enthusiam you put behind it. ;)
    It comes down to trust.  Do I trust you?  Would I take a blind leap and
    put my heart in your hands and trust you to not, even by accident, do
    anything that would hurt me?
    Not reviewing logs says "I have faith that any access to my machines
    is genuinely good-natured, and all our code is perfect and will
    never need to be debugged."  The privledge of trust should not be
    cheaply thrown about in a security design.  An MBA doesn't use trust
    to make his business succeed.  A business does not get it's first
    round of funding thanks to the founder telling a VC "Trust me!  This
    is the next big thing!"
    A teenage punk with that new neato code red stuff might say "Trust
    me...I won't run it against your website." Hopefully even if you
    are fool enough to believe him, you won't be fool enough to trust
    the results of his escapades.
    To tie into what Brian Hatch mentioned about the marketing people like the pretty graphs, but one of the main
    reasons (IMHO) they like these is they provide justification for
    the money that is being allocated for a project.  Logs may not be
    as sexy as a graph, but that just means you have to generate graphs
    of the results of reviewing your logs. ;)  In this economy, tangible
    evidence is necessary.  And just archiving that evidence away is
    almost as useless as not gathering it in the first place.
    On Mon, Sep 10, 2001 at 07:26:35PM -0500, Tina Bird wrote:
    > that ought to cause a bit of a rumpus.
    > i've been tasked with giving a presentation to a group
    > of manager types who do not have our understanding of the
    > importance of staffing for log monitoring.  i've got a 
    > couple of analogies to use for them -- things like asking
    > how many of them balance their checkbooks or read their credit
    > card statements -- but figured that this group might have
    > an idea or two of how to convince a non-technie (or a new
    > sys admin) of how important this is...
    > any ideas?
    > thanks -- tbird
    > LogAnalysis:
    > VPN:
    > life:
    > work:
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private

    This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 23:14:43 PDT