LogAnalysis mailing list
Thread: [logs] How to define Log, Event, and Alert?

[logs] How to define Log, Event, and Alert? Jul 23 2008 03:26PM Heinbockel, Bill (heinbockel mitre org) (3 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:43PM Jon Stearley (jrstear sandia gov)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:47PM Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:21PM Anton Chuvakin (anton chuvakin org) (3 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:22PM David Corlette (DCorlette novell com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:12PM Andrew Hay (andrewsmhay gmail com) (2 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 12:59PM Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 04:17PM Andrew Hay (andrewsmhay gmail com)
RE: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:56PM Tina Bird (tbird precision-guesswork com) (2 replies)
[logs] RE: How to define Log, Event, and Alert? Jul 24 2008 02:55PM Heinbockel, Bill (heinbockel mitre org)
RE: [logs] How to define Log, Event, and Alert? Jul 24 2008 09:36AM Rainer Gerhards (rgerhards hq adiscon com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 03:45PM Bill Scherr IV (bschnzl cotse net) (2 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:37PM Michael Kinsley (michael kinsley sensage com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 04:40PM Chris Lonvick (clonvick cisco com)

I like the definition, but interest might be determined later, is in the
eye of the beholder, etc.
I think we can't go beyond "smth that happened", however generic it might be.
"Occurrence on an information system?"
I think the "classic" def of an event was "observable occurence", but
it is too academic to my taste...
On 7/23/08, Andrew Hay <andrewsmhay (at) gmail (dot) com [email concealed]> wrote:
> How about referring to an event as:
>
> "A discrete, distinct, and discernible occurrence of interest within
> an environment"
>
> Thoughts?
>
> On Wed, Jul 23, 2008 at 5:21 PM, Anton Chuvakin <anton (at) chuvakin (dot) org [email concealed]> wrote:
>>> I'm good with the definitions, except for the concept of an "event":
>>
>> Same thing. Event is not necessarily "a state change." It is a
>> broader thing, basically, "something that happened" (even though a
>> state is the same - e.g. backup is proceeding, attack was seen, etc)
>>
>>
>>>
>>>> Event:
>>>> A discrete, distinct, and discernible state change in an
>>>> environment.
>>>
>>> In some aspects, state changes such as processes dying or starting
>>> are surely events, but I also think that some logs which don't indicate
>>> a state change such as login failures, port scanning, intrusion
>>> detection logs, and so on are noteworthy and worth alerting on.
>>>
>>> Ron
>>>
>>> _______________________________________________
>>> LogAnalysis mailing list
>>> LogAnalysis (at) loganalysis (dot) org [email concealed]
>>> http://www.loganalysis.org/mailman/listinfo/loganalysis
>>>
>>
>> --
>> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
>> http://www.chuvakin.org
>> http://chuvakin.blogspot.com
>> http://www.info-secure.org
>>
>
> --
> Andrew Hay
> Security+, CCSE Plus, RHCE, GSEC, GCIA, GCIH, CISSP
> blog: http://www.andrewhay.ca
> email: andrewsmhay (at) gmail (dot) com [email concealed]
> twitter: andrewsmhay
> profile: http://www.linkedin.com/in/andrewhay
>
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org