Well, aside from authentication, connections, sw & hw failures, it would also be interesting to see any profile changes to the applications, along with who/what caused the change in profile. These profile changes could be anything from new users added to application to change in average memory footprint, or byte transfers. This would also cause many of the applications to be self auditing. I personally would like to see conf file access & changes logged as well. From the other side of the coin, for those of you that have written syslog normalizers, what are the basic "normalized" categories that youve settled on? This could give us a good picture of the overal categories of events. On Monday 26 August 2002 17:00, Tina Bird shared this knowledge: > i was trying to build a list of events > we'd like to see logged. -- Mike Poor gpg fingerprint: 31D3 6BD0 09D9 84B4 85E6 2EBA 0182 D447 97ED 6D41 _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Aug 27 2002 - 09:12:22 PDT