The Loganalysis mailing list has a number of topics that come up frequently. On this page we've supplied links to list postings that deal particularly well with specific topics, or that we think are thought-provoking or otherwise worth reading.

• Logs as Evidence
  Paul D. Robertson (Wed, 11 Dec 2002) Log archival
  Paul D. Robertson (Wed, 11 Dec 2002) Log archival
  Tom Perrine (Wed, 11 Dec 2002) Log archival
  Tina Bird (Thu, 12 Dec 2002) Log Archival - includes link to: "Computer Records and the Federal Rules of Evidence"
  Paul D. Robertson (Thu, 12 Dec 2002) Log Archival
  Erin Kenneally, M.F.S., J.D. (Thu, 12 Dec 2002) Log Archival
  Orin Kerr (Thu, 12 Dec 2002 ) Log Archival
  Audit Trails in Evidence - A Queensland Case Study - Eleven court cases involving Queensland Police Service audit trails have been studied and the results are reported and analysed in this paper. It is shown that, of the cases studied, none of the evidence presented has been rejected or seriously challenged from a technical perspective.
  Paul D. Robertson (Wed Jan 29, 2003) [fw-wiz] Acquisition of time (Cross-port from Firewall-wizards)
  
  
• Tamper-Proof Storage
  Marcus J. Ranum (Tue, 17 Dec 2002) Filesystem for logging
  Paul D. Robertson (Tue, 17 Dec 2002) Filesystem for logging
  
  
• Designing a newer and better logging system
  Rainer Gerhards (Tue, 17 Dec 2002) Syslog payload format - has some good links to various ideas of "how to do it right"
  Kyle R. Hofmann (Wed, 18 Dec 2002) Syslog payload format
  Chris Calabrese (Thu, 19 Dec 2002) Syslog payload format - includes draft IETF XML syslog document
  
  
• XML - use and misuse thereof
  Marcus J. Ranum (Wed, 05 Jun 2002) Re: Generic Log Message Parsing Tool
  Chris Calabrese )Thu, 06 Jun 2002) Re: Generic Log Message Parsing Tool
  
  
• Syslog UDP unreliability
  Marcus J. Ranum (Tue, 29 Jan 2002) Re: syslogd / some analysis
  
  
• Building a scalable logging infrastructure
  Mikael Olsson (Thu, 21 Jan 2003) Re: Another gooey performance question
  Summary of answers received off-list (anonymized)
  Paul Robertson (Mon, 22 Sept 2003) Re: High network load
  
  
• Log Archiving
  Bennett Todd (Wed, 11 Dec 2002) Log archival
  
  
• Date/Time formats
  Marcus J. Ranum (Wed, 11 Dec 2002) date/time formats...
  
  
• Scrubbing Logs
  Sweth Chandramouli (Wed, 19 Jun 2002) OT: 'Automated Log Analysis'
  
  
• Regexps are Evil?
  Adam Sah (Tue, 04 Jun 2002) Re: Generic Log Message Parsing Tool
  Marcus J. Ranum (Wed, 05 Jun 2002) Re: Generic Log Message Parsing Tool
  Sweth Chandramouli (Wed, 05 Jun 2002) Re: Generic Log Message Parsing Tool