LogAnalysis
[logs] How to define Log, Event, and Alert? Jul 23 2008 03:26PM
Heinbockel, Bill (heinbockel mitre org) (3 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:43PM
Jon Stearley (jrstear sandia gov)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:47PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:21PM
Anton Chuvakin (anton chuvakin org) (3 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:22PM
David Corlette (DCorlette novell com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:12PM
Andrew Hay (andrewsmhay gmail com) (2 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 12:59PM
Ron Gula (rgula tenablesecurity com) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 24 2008 04:17PM
Andrew Hay (andrewsmhay gmail com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 09:33PM
Anton Chuvakin (anton chuvakin org)
What if it is completely devoid of "interest," boring as ... as a log? ;-)

I like the definition, but interest might be determined later, is the
eye of the beholder, etc.

I think we can't go beyond "smth that happened", however generic it might be.

"Occurence on an information system?"

I think the "classic" def of an event was "observable occurence", but
it is too academic to my taste...

On 7/23/08, Andrew Hay <andrewsmhay (at) gmail (dot) com [email concealed]> wrote:
> How about referring to an event as:
>
> "A discrete, distinct, and discernible occurrence of interest within
> an environment"
>
> Thoughts?
>
> On Wed, Jul 23, 2008 at 5:21 PM, Anton Chuvakin <anton (at) chuvakin (dot) org [email concealed]> wrote:
>>> I'm good with the definitions, except for the concept of an "event":
>>
>> Same thing. Event is not necessarily "a state change." It is a
>> broader thing, basically, "something that happened" (even though a
>> state is the same - e.g. backup is proceeding, attack was seen, etc)
>>
>>
>>>
>>>> Event:
>>>> A discrete, distinct, and discernible state change in an
>>>> environment.
>>>
>>> In some aspects, state changes such as processes dieing or starting
>>> are surely events, but I also think that some logs which don't indicate
>>> a state change such as login failures, port scanning, intrusion
>>> detection logs, and so on are noteworthy and worth alerting on.
>>>
>>> Ron
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> LogAnalysis mailing list
>>> LogAnalysis (at) loganalysis (dot) org [email concealed]
>>> http://www.loganalysis.org/mailman/listinfo/loganalysis
>>>
>>
>>
>>
>> --
>> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
>> http://www.chuvakin.org
>> http://chuvakin.blogspot.com
>> http://www.info-secure.org
>> _______________________________________________
>> LogAnalysis mailing list
>> LogAnalysis (at) loganalysis (dot) org [email concealed]
>> http://www.loganalysis.org/mailman/listinfo/loganalysis
>>
>
>
>
> --
> Andrew Hay
> Security+, CCSE Plus, RHCE, GSEC, GCIA, GCIH, CISSP
> blog: http://www.andrewhay.ca
> email: andrewsmhay (at) gmail (dot) com [email concealed]
> twitter: andrewsmhay
> profile: http://www.linkedin.com/in/andrewhay
>

--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
RE: [logs] How to define Log, Event, and Alert? Jul 23 2008 08:56PM
Tina Bird (tbird precision-guesswork com) (2 replies)
[logs] RE: How to define Log, Event, and Alert? Jul 24 2008 02:55PM
Heinbockel, Bill (heinbockel mitre org)
RE: [logs] How to define Log, Event, and Alert? Jul 24 2008 09:36AM
Rainer Gerhards (rgerhards hq adiscon com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 03:45PM
Bill Scherr IV (bschnzl cotse net) (2 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 05:37PM
Michael Kinsley (michael kinsley sensage com)
Re: [logs] How to define Log, Event, and Alert? Jul 23 2008 04:40PM
Chris Lonvick (clonvick cisco com)


 

Privacy Statement
Copyright 2010, SecurityFocus