On Wed, 11 Dec 2002, Bennett Todd wrote:

> If I were trying to build such a lashup, I'd _definitely_ decouple
> this one from the "write-once media" aspect. Browsing huge numbers
> of slow disks is no fun. I'd maybe discuss alternatives for how to
> make the 'tamper-resistant logs', but I think it's inarguable that
> for nice browsing you want online archives on big fast disk, stored
> in compressed files, with helper indices to enable fast searching
> for what you want. One possible reasonable approach is full-text
> indexing on the messages, plus auxiliary indices with something like
> cdb hashes for the fixed fields of interest.

You can always either multiplex the stuff off to a quicker medium, or load
your slow media onto disk for searches. The nice thing about write once
media is that you get to testify from solid ground that a defense attorney
isn't going to dig up with the new[1] defenses. Tamper-evident packaging
is established as _the_ way to store and transport evidence. Adding the
digital equiv. of that gives you a lot of precedent to stand upon.

Paul

[1] For some values of new- the current "dog ate my homework" of defense
lawyers seems to be "the trojan changed my bytes."

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
probertsat_private      which may have no basis whatsoever in fact."
probertsonat_private Director of Risk Assessment TruSecure Corporation