[logs] Cross-Platform Log Analysis and Microsoft
Matt Cuttler
mcuttler at bnl.gov
Mon Jul 2 16:05:52 PDT 2007
Mordechai T. Abzug wrote:
> On Mon, Jul 02, 2007 at 12:00:11AM -0400, David Corlette wrote:
>
>
>> And latter-day attempts to send
>> it over SSL or whatever are, to my mind, a band-aid solution.
>>
Agreed with both posters - that syslog, in general, can suck.
(But..) Separate that from an organization that wishes to take *that same
old syslog data*, and wrap the transport in a more "modern-day"
alternative such as TCP transport, and crypt it with secure sockets.
That's not putting "lipstick on a pig", or an attempt to glamorize the
Band-Aid(tm) "solution" -- it's just optional add-ons.
Often, the sysadmins are just following the Boss's (or the Auditor(s))
recommendations -- which are usually blanket statements such as "ALL
audit traffic MUST be encrypted".
> " while
> some people call old stuff "if it ain't broke, don't fix it."
>
That's true, but you'll find that some of the world's brightest people
usually don't work within that constraint :)