All,
> Changing the structure of log messages: not gonna happen
> Change the transport of log messages: I give it a 20% chance
> Adopt standard structural elements in log messages: not gonna happen
> (2 years ago, I thought this was actually possible)
OK, here is my belated response to it... Even though I often tend to
agree with the most pessimistic prediction (claiming that it is also
"the most realistic"), I think the above is pure curmudgeonry :-)
Here is a useful analogy to illustrate it: folks used to think that OS
vendors will *never* ship "secure out of the box" since users want all
the functionality to be enabled with no hassle. I can still find some
old industry debate on this subject, with most folks agreeing - "not
gonna happen." Guess what? It did! And, big buyers pushing OS
vendors played a non-trivial role in that ...
So, I am willing to hypothesize that some [small?] parts of "standard
structural elements" as well as some common idea of what should be
logged, might actually get standardized in a few years... Am I wildly
optimistic? Of course not! Am I willing to believe that it can happen?
You bet!
Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.securitywarrior.com
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Sep 14 2006 - 12:56:11 PDT