[logs] Syslog - monitoring the bigger picture
David Corlette
dcorlette at novell.com
Fri Sep 14 13:10:02 PDT 2007
So, Tina - are you planning to coordinate your efforts with any of the standards bodies? I am personally involved in the Open Group's XDAS project, which has some overlap with what you describe, but I've also heard of CERIAS or COAST or something, and other similar efforts sponsored by MITRE and such.
The point being, it's great that Splunk is working on this, but unless it gets up to sort-of-RFC status, it'll be hard for people to find and reference, in my opinion.
> Which is why my contribution to the "how do we solve this problem" always
> comes back to building that kindergarten-level knowledge base of which
> messages are important, for what reasons, on whatever kind of
> device-OS-application you may be considering.