LogAnalysis
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 03:45PM
Bill Scherr IV (bschnzl cotse net) (2 replies)
Would a temporal (time stamp) aspect be appropriate to the definitions?

Circa 11:26, 23 Jul 2008, a note, claiming source Heinbockel, Bill <heinbockel (at) mitre (dot) org [email concealed]>, was
sent to me:

Date sent: Wed, 23 Jul 2008 11:26:59 -0400
From: "Heinbockel, Bill" <heinbockel (at) mitre (dot) org [email concealed]>
To: <loganalysis (at) loganalysis (dot) org [email concealed]>
Subject: [logs] How to define Log, Event, and Alert?

> In support of the CEE effort to develop a log standard, we
> are trying to accurately define the concepts of "log",
> "event", and "alert". When we speak of these conceptually,
> a majority of us have common understanding of what we mean.
> However, this is not the case when presenting these terms
> to management and other people outside of the log space.
>
>
> Here is our initial shot at defining these terms:
>
>
> Event:
> A discrete, distinct, and discernible state change in an
> environment.
>
> Alert (n):
> A warning or notification generated in response to an event.
>
> Alert (v):
> The act of generating, transporting, or displaying a warning or
> notification in response to an event.
>
> Log Entry:
> The record of an event in a log. Event log, event record, log
> message, log record, and audit record are all synonyms that have been
> used to refer to log entries.
>
> Log (n):
> The record comprising one or more log entries accumulated over
> a given period. This may be electronic (e.g. stored in memory, disk,
> software, database, text file, etc), physical (e.g. on paper), or even
> verbal (e.g., "Between 10:00 and 10:01 we received a series of several
> thousand SYN packets that we acknowledged, but full TCP connections
> were not completed. At 10:02, our server resources exceeded the
> maximum tolerable level and crashed.").
>
> Log (v):
> The act of recording or storing one or more events.
>
>
>
> What do you think?
> Can these definitions be changed/improved in any way?
> Are there any examples, synonyms, or clarifications that should be
> added?
>
>
> Thanks,
>
> William Heinbockel
> Infosec Engineer, Sr.
> The MITRE Corporation
> 202 Burlington Rd. MS S145
> Bedford, MA 01730
> heinbockel (at) mitre (dot) org [email concealed]
> 781-271-2615
>
>

Bill Scherr IV, GSEC, GCIA
Principal Security Engineer
EWA Information and Infrastructure Technologies
bscherr (at) iit-tek (dot) com [email concealed]
bscherr (at) ewa (dot) com [email concealed]
703-478-7608
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

Copyright 2010, SecurityFocus