[logs] CEE - a new logging standard
Safier, Adam *
adam.safier at fda.hhs.gov
Fri Apr 20 08:07:56 PDT 2007
IETF Standards are more likely to get adopted by large vendors (if there
is user demand for a standard), especially if they authors work for the
large vendors. :) And there is such an effort underway for syslog.
http://www.ietf.org/html.charters/syslog-charter.html
Developing standards seems to be a nice slow process and they seem to be
developing a whole language. Instead of reading a novel about Attila
and Rome, I think I will be reading
http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-19.txt on
my forthcoming trip to FL.
Adam Safier
-----Original Message-----
From: loganalysis-bounces at loganalysis.org
[mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Daniel Cid
Sent: Thursday, April 19, 2007 7:04 PM
To: Anton Chuvakin; loganalysis at loganalysis.org
Cc: dcid at ossec.net
Subject: Re: [logs] CEE - a new logging standard
Hi Anton,
The idea of a new logging standard is very good news to me (we need
that), however, I need to ask, how is that going to be different from
all the other "standards"
that no one uses (like IDMEF, CEF, WELF, etc)?
It seems to me that without support from big companies, like Cisco,
Microsoft, etc, we will keep creating new formats that goes no where (I
hope I am wrong).
Btw, is it going to be an open standard? Who was involved in the process
to define/design it? I couldn't find any reference to it outside your
blog. More info, please! :)
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
--- Anton Chuvakin <anton at chuvakin.org> escreveu:
> All,
>
> Here is some fun, long-awaited logging news: CEE, a new logging
> standard, is about to be unveiled. I do think that the world is ready
> for another battle for the establishment of a logging standard, after
> a long string of miserable failures.
>
>
http://chuvakin.blogspot.com/2007/04/finally-common-event-expression-cee
-is.html
>
> Best,
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.info-secure.org
More information about the LogAnalysis
mailing list