John - I don't mean to be the arbiter of doom or the evil one ... but I think your response is dated. It shows a mindset wherein there is a willingness to trust the systems operators as the anchoring trust element and that is just plain foolish I think. Today more and more there is a need to abstract the operator from the systems logging process so that the process may support any testimony independently from us as to actions our machines take.

----- Original Message -----
From: "John Ladwig" <jladwigat_private>
To: "todd glassey" <todd.glasseyat_private>
Cc: "Fred Mobach" <fredat_private>; "Hal Snyder" <halat_private>; "Log Analysis Mailing List" <loganalysisat_private>
Sent: Thursday, October 11, 2001 10:01 PM
Subject: Re: [logs] Best Practices for Application Logging

> > > > Keep to an absolute minimum the number of steps between the
> > > > system creating log information and the person who needs it. The
> > > > more complex a system is to configure and maintain, the less
> > > > likely it is to be used. Avoid glitz and eye candy.
> > > >
> > > > The #1 most successful use of logging we have today simply scoops
> > > > up new log content, looks for interesting items, and emails
> > > > selected staff. This is after multiple generations of all sorts of
> > > > more complicated stuff. We still run fancy GUIfied monitoring
> > > > screens, but that is mainly for the visitors. :)
> >
> > And for the most part the content captured will not stand up in court since
> > there is no way to tell where the logging data come from or how it was
> > managed. Further it is your testimony that substantiates the event, making you
> > the lynchpin of the trust model. That is exactly the weakness that we need
> > to address. Removing human culpability from the equation.
>
> Hmm? In my court experience, logged information "kept as normal business
> records," attested to as accurate by someone who would be operationally
> responsible for either the system or the records, suffices most times.

Because no one knew any better then but they do now.

> Logs aren't formal mathematic proofs of anything, but even
> non-cryptographically-signed and non-digitally-notarized records can be
> used as part of a body of evidence and testimony to "prove beyond a
> reasonable doubt."

Until such time as any reasonable opposing counsel stands up and says "prove it" and then you look like an... well you get the point I hope.

> Do you have substantive personal court experience to the contrary?

Oh yes, and there is another new instance popping up every day - for instance take the Whitehouse "Email fiasco" of the Clinton Days was just such an instance.

> -jml
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
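
An added example, not written by any poster in this thread: one way to make log records tamper-evident, so that where a record came from and whether it was altered can be checked without relying on the operator's word. The record fields, host name, timestamps and key are constructed, and the key is assumed to be held by a party other than the system's operator.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "prev" for the first record


def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON so the same fields always serialize to the same bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append(chain: list, key: bytes, host: str, ts: str, msg: str) -> dict:
    """Append a record bound to its origin, time, position and predecessor."""
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"seq": len(chain), "host": host, "ts": ts, "msg": msg, "prev": prev}
    record = dict(body, mac=_mac(key, body))
    chain.append(record)
    return record


def verify(chain: list, key: bytes):
    """Return None if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "mac"}
        ok = (
            body.get("seq") == i
            and body.get("prev") == prev
            and hmac.compare_digest(rec.get("mac", ""), _mac(key, body))
        )
        if not ok:
            return i
        prev = rec["mac"]
    return None


def demo():
    key = b"constructed-demo-key"  # assumption: held by the verifier, not the operator
    chain = []
    append(chain, key, "app01", "2001-10-11T22:01:00Z", "login ok user=alice")
    append(chain, key, "app01", "2001-10-11T22:01:07Z", "login failed user=root")
    append(chain, key, "app01", "2001-10-11T22:02:30Z", "config changed by=alice")
    edited = [dict(r) for r in chain]
    edited[1]["msg"] = "login ok user=root"  # record rewritten in place
    removed = chain[:1] + chain[2:]          # record deleted from the middle
    return verify(chain, key), verify(edited, key), verify(removed, key)
```

The chain alone does not reveal truncation of the most recent records; the latest MAC has to be recorded somewhere the operator cannot rewrite.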
This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 12:40:19 PDT