[logs] Re: regex-less parsing of messages

From: Anton Chuvakin (anton@private)
Date: Thu Dec 08 2005 - 15:12:43 PST


Todd and all,

I was preparing a long and thoughtful message on this great thread,
but this caught my attention:

> This makes SPLUNK Pro totally good to go for meeting SOX and compliance in
> 2CFR/211CFR type environments.

Ah, that totally makes sense :-) Get this thing and you've met SOX
requirements... sure. I hope you mean that it can be used for SOX,
*just like most other logging tools*.

In general, can someone shed some light on the broader context of this:
what kind of feature(s) might make a logging tool NOT satisfy the
requirements for auditing of controls in SOX?

Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
         http://www.chuvakin.org
    http://www.securitywarrior.com
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis


