1. Our brilliant field engineer Dimitri McKay talks about the eternal topic of converting Windows event logs to syslog. Yes, Eric, we ALL know it is ugly, but that is the only way that actually works well across all systems ...
2. More on Windows and syslog: "Syslog ... 20 Years Later."  BTW, this is really not about syslog, but about Vista/2k8 finally getting an ability to natively centralize the event logs via event subscriptions ("It's only about twenty years behind schedule, if you're counting.")
3. Two fun pieces on correlation: 1 and 2. What often kills "a log correlation project"? "Whoever had worked on it had not had much time available to learn the way to properly configure the software" (from this)  and "correlation only really works when backed up by real data about what is the biggest problem in your environment, and how that problem manifests itself in the event logs." (from this) None of this is new, but a useful reminder nonetheless
4. Fun LogLogic podcast is here. The topic of this high-level discussion (CEO) is related to operational use for logs. I did one with them too; on logs and virtualization (will be up soon)
5. A couple of good posts on logging from Nemertes Research: "Sharpening Stones and Walking on Coals",  "Search or Destroy"
6. Reminder about a few useful Windows Vista and 2k8 events: 4802 (screensaver engaged) and 4803 (screensaver dismissed)
7. One person is wondering about the usefulness of logging after "experiencing" Linux auditd logging (kernel audit): "Logs are like a warm blanket; verbose logging means you can know what's happening on your systems if you keep up with the logs.  At the same time, logs become a burden very very easily, and they are easy to ignore." This post is a must read for us logging afficionados; producing too much log data is a sure way to make people hate you...
8. This also follows the same theme: people doubting the god-like power of logs :-) "So for an administrator to not care about logs was a shock." But would I argue that "log management is NOT a pain?" Now, would I? :-)
9. A classic about logging for application developers: "Building Secure Applications: Consistent Logging."  I am noticing a lot more discussions about logging in a developer community, e.g. see this and this (the latter, BTW, contains a lot of info on "why log" for developers). Overall, "getting logging right" is important (and will get more important in the future) and people need something NOW and cannot wait for the standards.  BTW, I am planning a mini-crusade on how to train application developers to include useful logging in their applications...
10. Finally, the "Is SIEM dead?" theme is continued in this fun post "Life after SIEM. Situational Awareness is next." Indeed, context is key for logs. BTW, if somebody mentions that I have "vendor bias", I will kick your ass! :-)

Enjoy!

Image by goddam via Flickr

Ah, its almost August.  Football training camps are open and the Yankees and Red Sox are battling. Does it get any better?  For most of this year I thought the Yankees were going to be out of it this year and content to have a rebuilding year.  We have several veteran players who past their prime and whose contracts are up after this year.  We have a some great young talent that need to grow into their potential.  It looked like the Bosox and Tampa Rays were going to run away with the division and wild card this year.

But like inevitable turning of the seasons, sometime after July 4th and then the All Star break, the Yankees beginninng their drive. Those old bones warm up in the heat of the summer and the bats come alive. This year the pitching is carrying them too.  Old pros Andy Pettite and Mike Mussina are joined by Jobba Chamberlin.  Mariano Rivera is still the best closer in baseball.  Just like old times the Yanks went out and fleeced some 2nd division team for a bunch of minor leaguers and added a quality hitter and pitcher right before the trade deadline.  Look around and we are one game behind the Red Sox for the wild card slot and only three games behind the Rays for first place!

I still think Tampa is going to stumble and it will come down to the Sox and the Yanks. Just the way it is supposed to be. I am heading up to NY next Friday, taking my sons to the shrine that is Yankee Stadium to see it in person in its last year.  The rest of the baseball season is going to be very exciting.  Again, just the way it is supposed to be!

Image by goddam via Flickr

Ah, its almost August.  Football training camps are open and the Yankees and Red Sox are battling. Does it get any better?  For most of this year I thought the Yankees were going to be out of it this year and content to have a rebuilding year.  We have several veteran players who past their prime and whose contracts are up after this year.  We have a some great young talent that need to grow into their potential.  It looked like the Bosox and Tampa Rays were going to run away with the division and wild card this year.

But like inevitable turning of the seasons, sometime after July 4th and then the All Star break, the Yankees beginninng their drive. Those old bones warm up in the heat of the summer and the bats come alive. This year the pitching is carrying them too.  Old pros Andy Pettite and Mike Mussina are joined by Jobba Chamberlin.  Mariano Rivera is still the best closer in baseball.  Just like old times the Yanks went out and fleeced some 2nd division team for a bunch of minor leaguers and added a quality hitter and pitcher right before the trade deadline.  Look around and we are one game behind the Red Sox for the wild card slot and only three games behind the Rays for first place!

I still think Tampa is going to stumble and it will come down to the Sox and the Yanks. Just the way it is supposed to be. I am heading up to NY next Friday, taking my sons to the shrine that is Yankee Stadium to see it in person in its last year.  The rest of the baseball season is going to be very exciting.  Again, just the way it is supposed to be!

A quick post to say a very warm welcome to IMI Tech Talk / KFNX listeners!

I was recently approached to take part in an interview about Cloud Computing and Security on IMI Tech Talk, broadcast on KFNX News Talk Radio.  KFNX is a US based radio station based out of Phoenix, Arizona.  More in-depth than the previous opportunity, a range of Cloud Computing technologies were discussed in the 30 minute segment:

• Who am I?
• What is cloud computing? (*that* question!).
• Introduction to virtualization.
• Examples of cloud computing services that exist today.
• Barriers to entry.
• Security issues of processing or storing data in the cloud
• cloudsecurity.org

I did mention I would provide links to useful Cloud Computing resources (as my mind went totally blank during the interview!) - watch for a post next week covering the blogs I read regularly.

Cloudsecurity.org was born as I couldn’t find any dedicated web resource discussing Cloud Computing and Security.  If there are subjects you want to see covered, feel free to leave a suggestion in the Skribit sidebar to the right.

I do welcome comments in response to blog posts on the blog itself - don’t be shy :-).

For private communications I can be reached at craig.balding@gmail.com.

My thanks to the IMI Tech Talk team, particularly Tom and Eric.

Enjoy the blog,

Craig

One of the projects leaders uses terms that should warm every New Yorker's heart, if he or she knew what they meant. IT head Paul Cosgrave says the system will overcome silos, an often disparaging term for the separation of resources across groups that can only expensively be overcome. It's the government and business equivalent of the academic problem of a lack of cross-discipline focus.

One of the first applications allows sanitation workforce managers a frighteningly precise amount of knowledge about routes, activities, and behavior of trucks in their territory. Let's hope that's not misused! Efficiency is one thing; micro-management is another.

Another project is testing wireless water-meter reading. The city hopes to spend $90 per meter for the upgrade and shed part of a $12.2m contract with Con Edison that covers 850,000 units. What should be useful about this is that problems can be detected by monitoring waterflow patterns, which in turn allows the often huge problems that take months to notice (occurring underground or in basements where rivers formerly flowed) to be stopped before they turn into multi-million-dollar problems for property owners or the city. Anytime anything happens in Manhattan, it's a multi-million dollar problem.

TIBCO Software shows, yet again, why the team in Palo Alto far outpaces the rest of the field with their announced acquisition of Insightful.  

Everyone who follows The CEP Blog and my vision for the business use of CEP understands how much energy and passion I have put into explaining why the crude time-series analysis of streaming data cannot possibly solve the vast marjority of complex business problems CEP must address. 

TIBCO’s acquisition of Insightful show just how serious TIBCO is about working to make the vision of “Predictive Business” a reality.    TIBCO means business, and a large part of what that means is helping customers solve their most challenging problems, which can be summarized in CEP-speak as detecting opportunities and threats, in near real-time, as a core corporate competency. 

If you spend a few moments on the Insightful web site, you will find a treasure of documentation that discusses a gold mine of advanced statistical analytics that can be used in a number of mission critical applications.

This is the class of analytics that form the backbone of complex event processing.  In fact, as I have often pointed out (to the dismay of some of my CEP colleagues), any software company that discusses CEP and does not support or advocate advanced analytics are selling snake oil.      TIBCO obviously understands the difference between snake oil, smoke-and-mirrors marketing, and the technology it takes to solve real operational problems.

My hats off and warm congratulations to the team in Palo Alto for demonstrating, yet again, why TIBCO is committed to solving real customer problems with realistic solutions.

Maybe TIBCO will evolve to mean “The Insightful Business Company”   versus the tired and stale “The Information Bus Company” of yesteryears?

Disclaimer:  I have not been an employee of TIBCO for over a year. 

Everyone who follows The CEP Blog and my vision for the business use of CEP understands how much energy and passion I have put into explaining why the crude time-series analysis of streaming data cannot possibly solve the vast majority of complex business problems CEP must address. 

TIBCO’s acquisition of Insightful shows just how serious TIBCO is about working to make the vision of “Predictive Business” a reality.    TIBCO means business, and a large part of what that means is helping customers solve their most challenging business integration problems, which can be summarized in CEP-speak as detecting opportunities and threats, in near real-time, as a core corporate competency. 

If you spend a few moments on the Insightful web site, you will find a treasure of documentation that discusses a gold mine of advanced statistical analytics that can be used in a number of mission critical applications.

This is the class of analytics that form the backbone of complex event processing.  In fact, as I have often pointed out (to the dismay of some of my CEP colleagues), any software company that discusses CEP and does not support or advocate advanced analytics are selling snake oil.      TIBCO obviously understands the difference between snake oil, smoke-and-mirrors marketing, and the technology it takes to solve real operational problems.

My hats off and warm congratulations to the team in Palo Alto for demonstrating, yet again, why TIBCO is committed to solving real customer problems with realistic solutions.

Maybe TIBCO will evolve to mean “The Insightful Business Company”   versus the tired and stale “The Information Bus Company” of yesteryears?

Disclaimer:  I have not been an employee of TIBCO for over a year.