SEARCH RESULTS
 
Showing 1-10 of 18 records
 

Software and SoftwareVersion in Syslog?

2008-02-25 17:00:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
The latest update of the syslog IETF draft "The syslog Protocol draft-ietf-syslog-protocol-23" ( here ) enlightens its readers that it now has "structured data elements, which can be used to transmit easily parseable, structured information and allows for vendor extensions." Wow, amazing. Have you ever seen a syslog entry that had "enterpriseId",...

TCP Syslog =/= Reliable?

2008-04-03 13:28:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Usually, people associate UDP-based log transfer with being "unreliable" and TCP with being "reliable." Rainier here raises a few interesting issues (not the least of which is TCP buffering) that question the reliability of TCP syslog. Is there a need for a "more reliable" TCP with application-level ACKs? Maybe ... but not in the world where UDP...

Fun Reading on Logs and Log Management - 2

2008-09-15 08:03:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
I am amazed (no, AMAZED!) about how many people now write about logs; it is definitely not "the original logging evangelist" anymore :-) Here is a bunch of good log-related reading, useful for those struggling with logs (aka "everybody Our brilliant field engineer Dimitri McKay talks about the eternal topic of converting Windows event logs to...

Logging Poll #6 "Which Logs Do You LOOK At?" Analysis

2008-03-06 15:01:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

This poll on looking at logs was relatively popular; let's see what we can learn (live results are also here). First, what are the top 3 log types that people look at? They are: Unix/Linux server syslog, Web server logs, Firewall logs. How does that compare with the top 3 log types that people collect (see picture showing results from my...

Windows Log Collection Poll Analysis

2008-04-02 16:46:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

Now, my latest poll (" What tools do you use for Windows Event Log Collection and Analysis ") was pretty popular (157 responses) and controversial as well; let's analyze it. The results are here and below as well. So, what catches your eye first? Despite the fact that I was trying hard to list most of the tools that collect Windows logs known...

Logging, Correlation and IT Search: An Analogy

2008-06-06 17:00:00 by JJ in Security Uncorked

We were having some in-house training the other day and trying to demonstrate and explain the value of IT logging, event correlation and IT search functions to non-technical folk. Unfortunately, I think the data being used was unfamiliar and made it difficult to get the point across of what we can do with these tools and why we like them....

Logging Poll #3 "What Do You Do With Logs?" Analysis

2007-12-07 09:19:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

So, the results of my 3rd poll are ready: live results are here, picture is also in this post. This sure was fun. First, this poll was way more popular than my previous "why" poll. Yes, it seems like people do hate to wonder "why". Second, what are the two choices that are by far the most popular? They are Store raw logs on a server (23 Search raw...

My 2008 Security Predictions!

2008-01-09 15:42:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
I just have to start with this quote from Rich Mogul: "... Legions of armchair futurists slobber over their keyboards, spilling obvious dribble that they either predict every year until it finally happens or is so nebulous that they claim success if a butterfly flaps its wings in Liechtenstein." :-) Amen to that, Rich. Onwards to my 2008...

Prospects Brightening for a Common Event Standard

2008-02-25 08:38:57 by Burton Group in Security and Risk Management Strategies Blog
 
Blogger: Dan Blum. There are two groups actively working to create a common event standard that allows event logs and audit records to be shared and understood across many products, and the good news is that they're talking to each other: Common Event Expression (CEE) language, by Mitre; X/Open Distributed Audit Standard (XDAS), by Open Group. The...