[logs] Introducing The Open Event Log Project

Tina Bird tbird at precision-guesswork.com
Thu May 17 16:59:23 PDT 2007


> The Open Event Log (OEL) Project (www.openeventlog.com) was conceived
> by Andrew Hay (www.andrewhay.ca) in May 2006 as a repository for
> system/server/application event logs to aid in incident response and
> forensic analysis. Many tools are now available to assist the analyst
> in interpreting event logs, but a better understanding of the logs, as
> well as samples, was lacking. Most vendors post their event log
> specifications, but it helps to have a central location that displays
> samples of these logs.

We've had several of these efforts started "recently," for some value of
"recently"; here's my quick list of Web sites collecting logs in order to
establish a repository and community base - these are in no particular
order, just the order in which my brain is tossing them out:

- http://www.loganalysis.org - dormant now, of course, at least as far as
the collection of log samples goes; Marcus and I intended that as the main
emphasis of the site when we started it in 2002, but we both underestimated
the amount of work it would take to collect and make data accessible, and
that part of the site never really took off

- http://www.ossec.net/wiki/index.php/Log_Samples - Daniel Cid's open source
project for security information collection and management, OSSEC,
incorporates a "community log donation" page

- http://www.monitorware.com/en/events/ - MonitorWare's Windows Event Log
parsing database and http://www.monitorware.com/en/syslog-enabled-products/
log configuration library

- http://www.eventid.net - the best-known source for Windows event
information, outside of Microsoft's own documentation

- http://www.splunkbase.com - Sponsored by Splunk; the majority of
information on the site is licensed for public use under the Creative
Commons license and is not specific to Splunk's own products

- http://www.dshield.org/howto.html - SANS' DShield collects logs for the
purpose of detecting attacks and trends on the Internet, not primarily for
sharing log formats, parsing tools or interpretation

I'm sure there are others, but this is what I'm coming up with at the
moment. I suspect I should start a meta-repository listing all the
repositories...

cheers - tbird
