Re: [logs] Centralizing Audit Logging and Reporting

From: Alexandre Dulaunoy (alexat_private)
Date: Sun May 05 2002 - 13:08:29 PDT

    On Sat, 4 May 2002, Marcus J. Ranum wrote:
    
    > Jhumri Tilayia wrote:
    > >Marcus J Ranum was working on a syslog parser thingie. He wanted to release the source code after the Orlando SANS conference. You may want to check with him since it will be an integral part of the system you are trying to build.
    > 
    > Yep. Fargo. Unfortunately, Fargo is dead in the water, about 95% completed.
    > I won't be able to release it, or the HotZone honeypot; the intellectual property
    > is owned by NFR Security and it's not going to belong to me.
    
    <offtopic>
    So you don't have a working contract with your author rights going to you 
    and the company for a Free Software project? (dual copyright owner) 
    
    With the GNU General Public License, you can have multiple copyright 
    holders and protection for the employee and the employer...
    </offtopic>
    
    About logging in a honeypot/net (we are setting one up in Luxembourg), we 
    are trying to find an alternative method of logging via a non-visible (or 
    difficult to see) transport. Do you have any ideas about remote logging 
    with an alternative LCP protocol or other methods? 
    
    adulau
    
    > 
    > I am planning on beginning another log parsing project, using a slightly different
    > approach and will be making that code available when it's done - so this is really
    > only a minor setback. I expect to have something ready and posted in the summer
    > time. When I have it ready for beta I'll announce it here.
    > 
    > mjr.
    > ---
    > Marcus J. Ranum			Computer and communications Security
    > photonerdat_private		http://www.ranum.com
    > 
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    > 
    
    -- 
    Alexandre Dulaunoy			adulauat_private
    http://wwww.foo.be/					
    http://www.conostix.com/
    
    
    



    This archive was generated by hypermail 2b30 : Sun May 05 2002 - 23:20:26 PDT