LogAnalysis
[logs] LogLogic's hiring too Jun 26 2007 09:25PM
Anton Chuvakin (anton chuvakin org) (1 replies)
[logs] Microsoft is Hiring too Jun 27 2007 11:15PM
Eric Fitzgerald (Eric Fitzgerald microsoft com) (1 replies)
Re: [logs] Microsoft is Hiring too Jun 28 2007 03:09AM
Tom Le (dottom gmail com) (1 replies)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jun 28 2007 08:06PM
Eric Fitzgerald (Eric Fitzgerald microsoft com) (1 replies)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jun 29 2007 01:57AM
Marcus J. Ranum (mjr ranum com) (1 replies)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jul 02 2007 04:00AM
David Corlette (dcorlette novell com) (2 replies)
I have to disagree a bit here - I personally think syslog is pretty lame, and really should die as quickly as possible. It's based on an unreliable protocol, after all. And latter-day attempts to send it over SSL or whatever are, to my mind, a band-aid solution.

There are other auditing standards out there; here at Novell we're espousing an open standard called XDAS, and I know that COAST is putting something together, as is MITRE/ArcSight - we're working on trying to get all these groups to coordinate. I'm hoping that all vendors will start to move to those standards and treat security event auditing as a real discipline, not something you throw out over syslog or along with your debug events. One thought, for example: shouldn't the event record format and the transport be independent?

My 2c, anyway...

Oh, and I've been told, by the way, that Windows can send out its event logs via SNMP. Haven't tested it, myself, so I have no idea what that looks like.

>>> On Thu, Jun 28, 2007 at 9:57 PM, in message
<6.2.0.14.2.20070628215505.0ef21060 (at) ranum (dot) com>, "Marcus J. Ranum"
<mjr (at) ranum (dot) com> wrote:
> Eric Fitzgerald wrote:
>>I am always willing to listen to feedback and deliver it to the appropriate
> people.
>
> The fact that it hasn't occurred to Microsoft to support something like
> syslog _yet_ - in spite of the plethora of other devices that support it,
> and technologies that consume it... speaks volumes.
>
> I'm not trying to bash you, and I'm sure your heart is in the right place,
> but the fact that it's 2007 and you even need to say something as naive
> as "willing to listen to feedback..." is enough. Maybe you're willing to
> listen, but it's pretty clear that the decision-makers aren't.
>
> mjr.
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org
> http://www.loganalysis.org/mailman/listinfo/loganalysis

Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 02 2007 10:31PM
Mordechai T. Abzug (morty frakir org) (1 replies)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 02 2007 11:05PM
Matt Cuttler (mcuttler bnl gov)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jul 02 2007 09:28PM
Marcus J. Ranum (mjr ranum com) (3 replies)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 01:34AM
Eric Fitzgerald (Eric Fitzgerald microsoft com) (3 replies)
[logs] event reporting, syslog, and security Jul 05 2007 09:46PM
Mordechai T. Abzug (morty frakir org)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 05:13AM
Russell Fulton (r fulton auckland ac nz) (1 replies)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 09:04AM
James Turnbull (james lovedthanlost net)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 12:37AM
David Corlette (dcorlette novell com) (1 replies)
RE: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 05:55AM
Eric Fitzgerald (Eric Fitzgerald microsoft com)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 02 2007 10:25PM
Tom Perrine (tperrine scea com) (2 replies)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 08:27AM
Darren Reed (avalon coombs anu edu au)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 03 2007 12:33AM
David Corlette (dcorlette novell com)
Re: [logs] Cross-Platform Log Analysis and Microsoft Jul 02 2007 10:16PM
Anton Chuvakin (anton chuvakin org)

Copyright 2010, SecurityFocus