I'm in the process of setting up a centralized log server here, and I was wondering, from a potential forensics point of view, what the requirements are for archiving logs such that they are maximally useful down the road. My current thoughts are:

* They should be archived to tamper-proof (write-once) media, such as CD- or DVD-R.
* They should have, as a minimum, a hash applied and stored with them (how to implement is the question).
* They should ideally be organized for easy perusing.

Anything I'm missing? I've read around that several implementations support some sort of hash for modification detection. Could someone point me to the specs for these hash systems? Are they based on a standard (RFC?)?

Thanks a million,
Blaise St-Laurent

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
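An added example, not part of the original post and not taken from any log product: one way to store a hash with each archived log file is a SHA-256 manifest whose entries are chained, so that a single head value kept apart from the archive (for instance on the write-once disc label) covers the whole set. The file names, log lines and `GENESIS` start value are constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64  # constructed start value for the chain (assumption)

# Constructed sample archives (not real log data), oldest first.
ARCHIVES = [
    ("messages-2002-12-09.log", b"Dec  9 10:01:02 host1 sshd[411]: session opened\n"),
    ("messages-2002-12-10.log", b"Dec 10 03:14:15 host1 su: FAILED su for root\n"),
    ("messages-2002-12-11.log", b"Dec 11 08:00:00 host1 syslogd: restart\n"),
]

def link(prev: str, name: str, digest: str) -> str:
    """Chain value: hash of the previous chain value, file name and file digest."""
    return hashlib.sha256(f"{prev}\n{name}\n{digest}".encode()).hexdigest()

def build_manifest(archives):
    """archives: ordered (name, bytes) pairs. Returns (entries, head)."""
    entries, prev = [], GENESIS
    for name, data in archives:
        digest = hashlib.sha256(data).hexdigest()
        prev = link(prev, name, digest)
        entries.append({"name": name, "sha256": digest, "chain": prev})
    return entries, prev  # head is the last chain value; store it separately

def verify(archives, entries, trusted_head):
    """Return a list of findings; an empty list means everything matches."""
    findings, prev = [], GENESIS
    stored = dict(archives)
    for e in entries:
        data = stored.get(e["name"])
        if data is None:
            findings.append(f"{e['name']}: archive missing")
        elif hashlib.sha256(data).hexdigest() != e["sha256"]:
            findings.append(f"{e['name']}: content differs from manifest")
        prev = link(prev, e["name"], e["sha256"])
        if prev != e["chain"]:
            findings.append(f"{e['name']}: chain value does not match")
    if prev != trusted_head:
        findings.append("head mismatch: manifest rewritten, truncated or extended")
    return findings

if __name__ == "__main__":
    entries, head = build_manifest(ARCHIVES)
    print("head to record separately:", head)
    print("findings:", verify(ARCHIVES, entries, head))
```

A plain hash stored beside the file only detects accidental change, because whoever can rewrite the file can rewrite the hash too; the chain moves the trust to the one head value, which has to live somewhere the archive's writer cannot reach.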
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 09:43:40 PST