I'm starting the draft of the logging requirements document based on the wonderful discussion we've been having -- carefully avoiding discussions of message formats, transport mechanisms, or timestamps, at least for the first draft ;-)

Here's a pointer to the references people have suggested:

The Rainbow Series is online in PostScript and PDF at
http://www.radium.ncsc.mil/tpep/library/rainbow/
Look for "A Guide to Understanding Audit in Trusted Systems" especially if you're suffering from insomnia. Gak. The things I read in my spare time...

Network Security Requirements for Devices Implementing Internet Protocol
draft-jones-netsec-reqs-00
http://www.port111.com/docs/netsec-reqs.html
Section 2.5 discusses event logging requirements

We'll be adding these to the Log Analysis Web site shortly.

t.

"Wine is strong, the King is stronger, women are strongest, but TRUTH conquers all."
----- Inscription in the Rosslyn Chapel (near Edinburgh, Scotland)

http://www.shmoo.com/~tbird
Log Analysis http://www.counterpane.com/log-analysis.html
VPN http://vpn.shmoo.com
This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 00:25:52 PDT