[logs] anyone willing to share proper syslog SQL schema & data typing?
Anton Chuvakin
anton at chuvakin.org
Thu Aug 2 18:31:44 PDT 2007
> timestamp
> syslogClient (hostname, ip)
> recordCategory (process name)
> recordType (facility, priority)
> sourceAddress (hostname, ip)
> destAddress (hostname,ip)
> sourceUser(username or email)
> destUser (username or email)
> objects (filenames, URLs)
> uniqueIDs (PID, message-id, etc)
> fulltext (raw syslog msg)
This seems to be missing something like an ACTION (i.e. what is the
log message about? what happened to the above OBJECT) and maybe some
indication of success or failure...
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
More information about the LogAnalysis mailing list
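As an added example (not code from the thread or from any list member): a SQLite schema that holds the quoted field list plus the action and outcome columns the reply asks for, with a loader that fills them from a few constructed sshd and cron lines. The column names, the message classifiers, the sample lines and the client IP are assumptions made for this example; the point is that once action and outcome are columns, "who failed to log in, from where" is a plain query instead of a LIKE over the raw text.

```python
"""Syslog SQL schema with ACTION/OUTCOME columns (added example, not the thread's code)."""
import re
import sqlite3

SCHEMA = """
CREATE TABLE syslog_event (
    id          INTEGER PRIMARY KEY,
    ts          TEXT,                       -- timestamp as written by the client
    client_host TEXT, client_ip TEXT,       -- syslogClient (hostname, ip)
    category    TEXT,                       -- recordCategory: process name
    facility    INTEGER, severity INTEGER,  -- recordType, decoded from <PRI>
    src_host TEXT, src_ip TEXT,             -- sourceAddress
    dst_host TEXT, dst_ip TEXT,             -- destAddress
    src_user TEXT, dst_user TEXT,           -- sourceUser / destUser
    object      TEXT,                       -- objects: filename, URL, command
    unique_id   TEXT,                       -- uniqueIDs: PID, message-id
    action      TEXT,                       -- ACTION: what happened to the object
    outcome     TEXT,                       -- 'success', 'failure' or NULL (unknown)
    fulltext    TEXT NOT NULL               -- raw message, always kept
);
CREATE INDEX syslog_event_action ON syslog_event (action, outcome, src_ip);
"""

# RFC 3164-style header: <PRI>TIMESTAMP HOST TAG[PID]: MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# Classifiers: (process, regex, action, outcome, {column: regex group}).
# The message formats below are assumptions for this example, not a standard.
CLASSIFIERS = [
    ("sshd", re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)"),
     "login", "success", {"dst_user": "user", "src_ip": "ip"}),
    ("sshd", re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
     "login", "failure", {"dst_user": "user", "src_ip": "ip"}),
    ("cron", re.compile(r"\((?P<user>\S+)\) CMD \((?P<cmd>.*)\)"),
     "exec", None, {"src_user": "user", "object": "cmd"}),
]

COLUMNS = ("ts", "client_host", "client_ip", "category", "facility", "severity",
           "src_host", "src_ip", "dst_host", "dst_ip", "src_user", "dst_user",
           "object", "unique_id", "action", "outcome", "fulltext")


def parse_line(line, client_ip=None):
    """Map one raw syslog line onto the schema columns; unknown fields stay NULL."""
    row = dict.fromkeys(COLUMNS)
    row["fulltext"] = line          # keep unparseable input rather than dropping it
    m = HEADER.match(line)
    if not m:
        return row
    pri = int(m["pri"])
    row.update(ts=m["ts"], client_host=m["host"], client_ip=client_ip,
               category=m["tag"], facility=pri >> 3, severity=pri & 7,
               unique_id=m["pid"])
    for proc, rx, action, outcome, fields in CLASSIFIERS:
        if proc != m["tag"]:
            continue
        hit = rx.search(m["msg"])
        if hit:
            row["action"], row["outcome"] = action, outcome
            row.update({col: hit[grp] for col, grp in fields.items()})
            break
    return row


def load(conn, lines, client_ip=None):
    """Create the schema and insert every line; returns the number of rows stored."""
    conn.executescript(SCHEMA)
    rows = [parse_line(line, client_ip) for line in lines]
    conn.executemany("INSERT INTO syslog_event (%s) VALUES (%s)" % (
        ", ".join(COLUMNS), ", ".join(":" + c for c in COLUMNS)), rows)
    return len(rows)


def failed_logins(conn):
    """Failed logins per (source IP, target user): a plain query thanks to action/outcome."""
    return conn.execute(
        "SELECT src_ip, dst_user, COUNT(*) FROM syslog_event "
        "WHERE action = 'login' AND outcome = 'failure' "
        "GROUP BY src_ip, dst_user ORDER BY 3 DESC").fetchall()


SAMPLE_LINES = [  # constructed for this example; client_ip is assumed to come from the receiver
    "<38>Aug  2 18:31:44 bastion sshd[2345]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "<38>Aug  2 18:32:01 bastion sshd[2346]: Failed password for invalid user admin from 203.0.113.7 port 4444 ssh2",
    "<38>Aug  2 18:32:03 bastion sshd[2347]: Failed password for invalid user admin from 203.0.113.7 port 4445 ssh2",
    "<78>Aug  2 18:33:10 web01 cron[99]: (root) CMD (/usr/local/sbin/rotate-logs)",
    "this line is not syslog at all",
]


def demo():
    """Load the sample lines into an in-memory database and return the connection."""
    conn = sqlite3.connect(":memory:")
    load(conn, SAMPLE_LINES, client_ip="10.0.0.2")
    return conn


if __name__ == "__main__":
    c = demo()
    for r in c.execute("SELECT ts, category, action, outcome, src_ip, dst_user, object FROM syslog_event"):
        print(r)
    print("failed logins:", failed_logins(c))
```

The unparseable line lands with only fulltext populated, which is deliberate: a receiver that drops what it cannot classify loses exactly the messages an attacker's unusual tooling produces. Facility and severity come from the PRI value (facility = PRI >> 3, severity = PRI & 7), so the schema keeps both halves of the quoted "recordType" as integers rather than re-parsing them later.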