LogAnalysis
[logs] How to define Log, Event, and Alert? Jul 23 2008 03:26PM
Heinbockel, Bill (heinbockel mitre org) (3 replies)
In support of the CEE effort to develop a log standard, we
are trying to accurately define the concepts of "log",
"event", and "alert". When we speak of these conceptually,
a majority of us have a common understanding of what we mean.
However, this is not the case when presenting these terms
to management and other people outside of the log space.

Here is our initial shot at defining these terms:

Event:
A discrete, distinct, and discernible state change in an
environment.

Alert (n):
A warning or notification generated in response to an event.

Alert (v):
The act of generating, transporting, or displaying a warning or
notification in response to an event.

Log Entry:
The record of an event in a log. Event log, event record, log
message, log record, and audit record are all synonyms that have been
used to refer to log entries.

Log (n):
The record comprising one or more log entries accumulated over
a given period. This may be electronic (e.g. stored in memory, disk,
software, database, text file, etc), physical (e.g. on paper), or even
verbal (e.g., "Between 10:00 and 10:01 we received a series of several
thousand SYN packets that we acknowledged, but full TCP connections
were not completed. At 10:02, our server resources exceeded the
maximum tolerable level and crashed.").

Log (v):
The act of recording or storing one or more events.

What do you think?
Can these definitions be changed/improved in any way?
Are there any examples, synonyms, or clarifications that should be
added?

Thanks,

William Heinbockel
Infosec Engineer, Sr.
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel (at) mitre (dot) org [email concealed]
781-271-2615

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
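The following is an added example, not part of the original post or of the CEE work it describes. It makes the four proposed terms concrete in code using the post's own verbal-log scenario (a burst of SYNs that never complete the handshake): each TCP state change is an Event, logging one produces a LogEntry in a Log, and an Alert is generated by a rule evaluated over the Log rather than by the event itself. The class names, the syslog-style entry format, the one-minute bucketing, the 1000 half-open threshold and all sample traffic are assumptions constructed for illustration, not anything the post or the standard specifies.

```python
"""Event vs. log entry vs. log vs. alert, made concrete.

Added example (not from the original post or CEE). The TCP state names,
entry text format, threshold and sample data are all constructed here.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    """A discrete, discernible state change in the environment
    (here: a transition in a TCP connection's state machine)."""
    time: datetime
    src: str
    state: str  # assumed vocabulary: "SYN_RECEIVED", "ESTABLISHED"


@dataclass(frozen=True)
class LogEntry:
    """The record of one Event as it was written down."""
    time: datetime
    message: str


@dataclass
class Log:
    """One or more LogEntry records accumulated over a period."""
    entries: List[LogEntry] = field(default_factory=list)

    def log(self, ev: Event) -> LogEntry:
        """Log (v): record the event. The entry is a text rendering of the
        event, not the event itself (assumed key=value format)."""
        entry = LogEntry(ev.time, f"tcp src={ev.src} state={ev.state}")
        self.entries.append(entry)
        return entry


@dataclass(frozen=True)
class Alert:
    """A warning generated in response to what the log shows."""
    time: datetime
    severity: str
    text: str


def parse_state(entry: LogEntry) -> str:
    """Recover the recorded state from the entry text. An analyst normally
    has only the log entry, not the live environment, so the rule below
    works from the entries rather than from Event objects."""
    fields = dict(kv.split("=", 1) for kv in entry.message.split()[1:])
    return fields["state"]


def half_open_by_minute(log: Log) -> Dict[datetime, int]:
    """Per one-minute bucket: SYNs received minus handshakes completed.
    A large positive value means many half-open connections."""
    syn: Counter = Counter()
    established: Counter = Counter()
    for entry in log.entries:
        minute = entry.time.replace(second=0, microsecond=0)
        state = parse_state(entry)
        if state == "SYN_RECEIVED":
            syn[minute] += 1
        elif state == "ESTABLISHED":
            established[minute] += 1
    return {m: syn[m] - established[m] for m in syn}


def half_open_alert(log: Log, threshold: int = 1000) -> Optional[Alert]:
    """Alert rule (assumed threshold): raise when a minute's half-open count
    reaches `threshold`. Note the alert is derived from the log, not logged
    as an event itself; whether to log the alert is a separate decision."""
    for minute, count in sorted(half_open_by_minute(log).items()):
        if count >= threshold:
            return Alert(
                minute + timedelta(minutes=1),
                "high",
                f"{count} half-open TCP connections in the minute "
                f"starting {minute:%H:%M}",
            )
    return None


def build_sample_log(flood: int = 1500) -> Log:
    """Constructed sample traffic (not captured data): 20 ordinary clients
    that complete the handshake at 09:59, then `flood` spoofed SYNs at
    10:00 that never do. Addresses are from documentation/private ranges."""
    log = Log()
    base = datetime(2008, 7, 23, 9, 59)
    for i in range(20):
        src = f"10.0.0.{i + 1}"
        t = base + timedelta(seconds=i)
        log.log(Event(t, src, "SYN_RECEIVED"))
        log.log(Event(t + timedelta(milliseconds=50), src, "ESTABLISHED"))
    flood_start = datetime(2008, 7, 23, 10, 0)
    for i in range(flood):
        src = f"198.51.100.{i % 250 + 1}"
        t = flood_start + timedelta(milliseconds=40 * i)  # all within 10:00
        log.log(Event(t, src, "SYN_RECEIVED"))
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    print(f"{len(sample.entries)} log entries")
    print(half_open_alert(sample))
```

Running it with the default sample yields one Alert for the 10:00 minute; with `build_sample_log(flood=0)` the same rule yields none, because the 09:59 bucket has as many completed handshakes as SYNs. The separation of concerns is the point: the events happen regardless of whether anyone is logging, the log is what survives for analysis, and the alert is a judgement layered on top of the log that can be tuned or replaced without touching either.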

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:43PM
Jon Stearley (jrstear sandia gov)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:47PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:21PM
Anton Chuvakin (anton chuvakin org) (3 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:22PM
David Corlette (DCorlette novell com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:12PM
Andrew Hay (andrewsmhay gmail com) (2 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 12:59PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 04:17PM
Andrew Hay (andrewsmhay gmail com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:33PM
Anton Chuvakin (anton chuvakin org)
RE: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:56PM
Tina Bird (tbird precision-guesswork com) (2 replies)
[logs] RE: How to define Log, Event, and Alert? Jul 24 2008 02:55PM
Heinbockel, Bill (heinbockel mitre org)
RE: [logs] How to define Log, Event, and Alert? Jul 24 2008 09:36AM
Rainer Gerhards (rgerhards hq adiscon com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 03:45PM
Bill Scherr IV (bschnzl cotse net) (2 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:37PM
Michael Kinsley (michael kinsley sensage com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 04:40PM
Chris Lonvick (clonvick cisco com)
Copyright 2010, SecurityFocus