RE: [logs] Log archival

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Dec 13 2002 - 06:42:24 PST

  • Next message: Darren Reed: "Re: [logs] SDSC Secure Syslog"

    > In the last 12 or so messages, I've seen a *great* 
    > introduction to the rules of evidence that apply to logs, 
    > their analysis and the way that witnesses are needed to 
    > describe them.  Stuff that I've never seen all in one place, 
    > presented in such a way that us non-lawyers can understand it.
    
    Actually (on 10th thought ;)) if such a paper would be put together and
    being tried to be on the IETF or at least being accepted by a larger
    crowd (this list) - wouldn't that help to persuade the judge that proper
    practices have been followed? 
    
    Kind of a best practices thing?
    
    Rainer Gerhards
    Adiscon
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Fri Dec 13 2002 - 10:48:17 PST