All,

> Actually, I think one of the useful
> first steps we could attempt is to pressure vendors to document all the
> possible log messages, what they mean and when they might occur.

He-he, and how exactly do you pressure, say, IBM :-), into documenting all the log messages? Some companies (like Cisco) are pretty good at that while others are pretty abysmal. At the same time, there is no way to document all Unix syslog messages (and Windows event log messages) since everybody and their dog can write there ...

SANS came up with this cool idea to pressure the system vendors thru government procurement; let's see whether this one will fly (and it might - since it worked for 'secure by default' OS configurations, from what I've heard).

Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.securitywarrior.com
This archive was generated by hypermail 2.1.3 : Thu Aug 31 2006 - 21:44:32 PDT