RE: [logs] RE: NT Event Log and Web Server Attacks

From: Eric Fitzgerald (ericfat_private)
Date: Mon Jan 20 2003 - 11:18:28 PST

    Hi Frank,
    
    Current event log APIs will continue to work, is what I am told, but
    will be wrappers around the new API set. The on-disk log format will be
    different.
    
    Eric
    
    -----Original Message-----
    From: Frank O'Dwyer [mailto:fodat_private] 
    Sent: Monday, January 20, 2003 11:07 AM
    To: Eric Fitzgerald; Paul D. Robertson
    Cc: H C; Rainer Gerhards; loganalysisat_private; Tina Bird; Marcus
    J. Ranum; Ben Laurie
    Subject: RE: [logs] RE: NT Event Log and Web Server Attacks
    
    
    How about stuff like OpenEventLog, ReadEventLog, EVENTLOGRECORD - will
    these continue to work, and/or have new equivalents?
    
    Cheers,
    Frank
    
    > -----Original Message-----
    > From: Eric Fitzgerald [mailto:ericfat_private]
    > Sent: 20 January 2003 19:00
    > To: Frank O'Dwyer; Paul D. Robertson
    > Cc: H C; Rainer Gerhards; loganalysisat_private; Tina Bird; 
    > Marcus J. Ranum; Ben Laurie
    > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks
    >
    >
    > The new service will be 100% backwards compatible with the existing 
    > Event Log service APIs, and some of the capabilities of the new 
    > service will be available even to apps that use legacy eventing APIs, 
    > but you'll have to change API calls to take full advantage of all the 
    > features of the new service.
    >
    > Eric
    >
    > -----Original Message-----
    > From: Frank O'Dwyer [mailto:fodat_private]
    > Sent: Monday, January 20, 2003 10:56 AM
    > To: Eric Fitzgerald; Paul D. Robertson
    > Cc: H C; Rainer Gerhards; loganalysisat_private; Tina Bird; 
    > Marcus J. Ranum; Ben Laurie
    > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks
    >
    >
    > > We have something up our sleeve but I don't want to over-promise & 
    > > under-deliver.  Look for a significant audit collection and analysis
    > > tool from us this summer, and a completely replaced event log 
    > > service with some really neat analysis capabilities in the next 
    > > version of Windows.
    >
    > What will this mean to users of the current APIs?
    >
    > Both analysers and ordinary programs doing logging?
    >
    > Cheers,
    > Frank
    >
    >
    >
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 13:58:26 PST