Re: [logs] Logging standards?

From: todd glassey (todd.glasseyat_private)
Date: Sat Oct 27 2001 - 17:33:19 PDT

Next message: Sweth Chandramouli: "Re: [logs] Logging standards?"

Previous message: Rich Salz: "Re: [logs] Logging standards?"
In reply to: Rich Salz: "Re: [logs] Logging standards?"
Next in thread: Rich Salz: "Re: [logs] Logging standards?"
Next in thread: Sweth Chandramouli: "Re: [logs] Logging standards?"
Next in thread: Carl Husa: "Re: [logs] Logging standards?"
Reply: Rich Salz: "Re: [logs] Logging standards?"
Reply: todd glassey: "Re: [logs] Logging standards?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rich - without a reasonable time management and verification regimen
Computer Records are only as reliable as the person testifying as to their
veracity. Even then, without an accompanying infrastructure that supports
their veracity and the audits to say that the systems was/were being
operated "properly"... you got squat.(IMHO at least)

Personally I think that should be inherently obvious and has always been one
of the arrogances of Systems Admins as a whole - "the how dare you our word"
mindset, and I am sorry - it just doesn't wash anymore.

These records must in commercial environments stand the test of time and
veracity as well and that means that they need significantly more than they
have today.

This is just my opinion of course but I am willing to lay wager on it.

Todd
----- Original Message -----
From: "Rich Salz" <rsalzat_private>
To: "todd glassey" <todd.glasseyat_private>
Cc: "Carl Husa" <carlhusaat_private>; <loganalysisat_private>
Sent: Saturday, October 27, 2001 3:07 PM
Subject: Re: [logs] Logging standards?


> >tracking its divergence from UTC during the session?
>
> Unh, why?

because in ten years when I try to corelate them to something that happened
in another computer I need something that is exactly the same between both
systems to link the log events - and that is not the stable ticking of the
clocks of these systems, but that they bot have something known in them at
the instant of the transaction. So its that time that I am concerned in. Now
it happens to be a whole lot easier for everyone if the Time used is UTC.

>
> Most people don't calibrate their watches very often and that's fine for
> evidence.
>
> Relative time, timezones -- not beyond the understanding of the courts.
> /r$
>
> --
> Zolera Systems, Securing web services (XML, SOAP, Signatures,
> Encryption)
> http://www.zolera.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
>



---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Sweth Chandramouli: "Re: [logs] Logging standards?"
Previous message: Rich Salz: "Re: [logs] Logging standards?"
In reply to: Rich Salz: "Re: [logs] Logging standards?"
Next in thread: Rich Salz: "Re: [logs] Logging standards?"
Next in thread: Sweth Chandramouli: "Re: [logs] Logging standards?"
Next in thread: Carl Husa: "Re: [logs] Logging standards?"
Reply: Rich Salz: "Re: [logs] Logging standards?"
Reply: todd glassey: "Re: [logs] Logging standards?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Oct 28 2001 - 08:17:50 PST