[logs] Eventlog to syslog
Bill Scherr IV
bschnzl at cotse.net
Mon Mar 3 02:06:31 PST 2008
Yeah Dave...
But we need a way to get them all together onto one analysis machine.
Honestly, I trust syslog, bash, PERL and regular expressions more than any
database. I can build a top layer tree in the file system and extract
subheadings down to the positional character. If I am not mistaken BSM will
dump to syslog.
We are trying to manage content, not generate it. We are not afraid to do
the math. Once the entry is saved under a different "root" user, it is more of
an audit than anything on a compromised box. Once you try to take away
the math, you make understanding the system harder. Syslog supports any
string, and all programmers are not as conscientious as the boys from Provo.
If I came across harsh here, it was not my intention.
B.
Circa 21:52, 1 Mar 2008, a note, claiming source David Corlette
<DCorlette at novell.com>, was sent to me:
Date sent: Sat, 01 Mar 2008 21:52:10 -0700
From: "David Corlette" <DCorlette at novell.com>
To: <loganalysis at loganalysis.org>
Subject: Re: [logs] Eventlog to syslog
>
> In our current implementations we are diverging the concepts of "logging"
> vs. "auditing" based on these differing requirements. Syslog might work
> fine for the former, but not for the latter.
>
Bill Scherr IV, GSEC, GCIA
Principal Security Engineer
EWA Information and Infrastructure Technologies
bscherr at iit-tek.com
bscherr at ewa.com
703-478-7608
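As an added illustration of the approach Bill describes (syslog as the transport, a directory tree on the analysis box as the "top layer", and regular expressions to pull subheadings out of each entry), here is a small POSIX shell/awk script. It is not code from the thread or from any product mentioned in it; the five syslog lines, the host names and the `route_syslog`/`root_transitions` function names are constructed for the example. Because, as the post notes, syslog accepts any string, the router refuses to turn the hostname or program field into a path unless it matches a conservative character set, so a forged field cannot write outside the tree.

```shell
#!/bin/sh
# Constructed sample: BSD-syslog (RFC 3164) lines as a central collector
# would receive them from several hosts. The last line carries a forged
# hostname field and must be rejected rather than turned into a path.
SAMPLE_LOG='Mar  3 02:06:31 web01 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 52211 ssh2
Mar  3 02:07:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Mar  3 02:07:45 db01 su[4321]: Successful su for root by bob
Mar  3 02:08:00 winsrv1 EvtSys: Security 4624 An account was successfully logged on
Mar  3 02:09:00 ../../etc cron[9]: forged host field'

# route_syslog OUTDIR
# Reads syslog lines on stdin and appends each one to OUTDIR/<host>/<program>.log.
# Fields 1-3 are the timestamp, 4 is the hostname, 5 is "program[pid]:" or "program:".
# Prints a one-line summary: "<n> routed, <m> rejected".
route_syslog() {
    outdir=$1
    awk -v out="$outdir" '
        NF >= 5 {
            host = $4
            prog = $5
            sub(/\[.*$/, "", prog)   # strip "[pid]:" suffix
            sub(/:$/, "", prog)      # strip bare ":" suffix
            # Only plain host/program names become directory and file names;
            # anything else (slashes, "..", spaces) is counted and dropped.
            if (host !~ /^[A-Za-z0-9._-]+$/ || prog !~ /^[A-Za-z0-9._-]+$/ ||
                host ~ /^\.+$/ || prog ~ /^\.+$/) { bad++; next }
            dir = out "/" host
            system("mkdir -p \"" dir "\"")
            file = dir "/" prog ".log"
            print $0 >> file
            close(file)
            routed++
        }
        END { printf "%d routed, %d rejected\n", routed + 0, bad + 0 }
    '
}

# root_transitions OUTDIR
# Regex extraction across the whole tree: count entries that record a
# switch to root (sudo with USER=root, or a successful su to root).
root_transitions() {
    grep -rhE 'USER=root|su for root' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Stand-alone demo: build the tree in a temporary directory and show it.
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" | route_syslog "$demo"
find "$demo" -type f | sed "s|^$demo/||" | sort
echo "root transitions: $(root_transitions "$demo")"
rm -rf "$demo"
```

Running it prints `4 routed, 1 rejected`, the files `db01/su.log`, `web01/sshd.log`, `web01/sudo.log` and `winsrv1/EvtSys.log`, and `root transitions: 2`. Once the tree is on the analysis machine under a different owner than the boxes that produced it, a grep over a subdirectory is the audit query; the forwarding hosts cannot rewrite what has already been routed.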