SecurityFocus

[logs] How to define Log, Event, and Alert? Jul 23 2008 03:26PM
Heinbockel, Bill (heinbockel mitre org) (3 replies)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:43PM
Jon Stearley (jrstear sandia gov)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:47PM
Ron Gula (rgula tenablesecurity com) (1 replies)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:21PM
Anton Chuvakin (anton chuvakin org) (3 replies)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:22PM
David Corlette (DCorlette novell com)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:12PM
Andrew Hay (andrewsmhay gmail com) (2 replies)

How about referring to an event as:

"A discrete, distinct, and discernible occurrence of interest within
an environment"

Thoughts?

On Wed, Jul 23, 2008 at 5:21 PM, Anton Chuvakin <anton (at) chuvakin (dot) org [email concealed]> wrote:
>> I'm good with the definitions, except for the concept of an "event":
>
> Same thing. Event is not necessarily "a state change." It is a
> broader thing, basically, "something that happened" (even though a
> state is the same - e.g. backup is proceeding, attack was seen, etc)
>
>
>>
>>> Event:
>>> A discrete, distinct, and discernible state change in an
>>> environment.
>>
>> In some aspects, state changes such as processes dieing or starting
>> are surely events, but I also think that some logs which don't indicate
>> a state change such as login failures, port scanning, intrusion
>> detection logs, and so on are noteworthy and worth alerting on.
>>
>> Ron
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> LogAnalysis mailing list
>> LogAnalysis (at) loganalysis (dot) org [email concealed]
>> http://www.loganalysis.org/mailman/listinfo/loganalysis
>>
>
>
>
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.info-secure.org
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>

--
Andrew Hay
Security+, CCSE Plus, RHCE, GSEC, GCIA, GCIH, CISSP
blog: http://www.andrewhay.ca
email: andrewsmhay (at) gmail (dot) com [email concealed]
twitter: andrewsmhay
profile: http://www.linkedin.com/in/andrewhay
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]

Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 12:59PM
Ron Gula (rgula tenablesecurity com) (1 replies)

Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 04:17PM
Andrew Hay (andrewsmhay gmail com)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:33PM
Anton Chuvakin (anton chuvakin org)

RE: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:56PM
Tina Bird (tbird precision-guesswork com) (2 replies)

[logs] RE: How to define Log, Event, and Alert? Jul 24 2008 02:55PM
Heinbockel, Bill (heinbockel mitre org)

RE: [logs] How to define Log, Event, and Alert? Jul 24 2008 09:36AM
Rainer Gerhards (rgerhards hq adiscon com)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 03:45PM
Bill Scherr IV (bschnzl cotse net) (2 replies)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:37PM
Michael Kinsley (michael kinsley sensage com)

Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 04:40PM
Chris Lonvick (clonvick cisco com)