> > > Keep to an absolute minimum the number of steps between the
> > > system creating log information and the person who needs it. The
> > > more complex a system is to configure and maintain, the less
> > > likely it is to be used. Avoid glitz and eye candy.
> > >
> > > The #1 most successful use of logging we have today simply scoops
> > > up new log content, looks for interesting items, and emails
> > > selected staff. This is after multiple generations of all sorts of
> > > more complicated stuff. We still run fancy GUIfied monitoring
> > > screens, but that is mainly for the visitors. :)
>
> And for the most part the content captured will not stand up in court since
> there is no way to tell where the logging data come from or how it was
> managed. Further it is your testimony that substantiates the event making you
> the lynchpin of the trust model. That is exactly the weakness that we need
> to address. Removing human culpability from the equation.

Hmm?

In my court experience, logged information "kept as normal business records," attested to as accurate by someone who would be operationally responsible for either the system or the records, suffices most times. Logs aren't formal mathematic proofs of anything, but even non-cryptographically-signed and non-digitally-notarized records can be used as part of a body of evidence and testimony to "prove beyond a reasonable doubt."

Do you have substantive personal court experience to the contrary?

-jml
This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 09:41:36 PDT