LogAnalysis
RE: [logs] How to define Log, Event, and Alert? Jul 24 2008 04:43PM
Tina Bird (tbird precision-guesswork com) (1 replies)
RE: [logs] How to define Log, Event, and Alert? Jul 25 2008 02:23AM
Bill Scherr IV (bschnzl cotse net) (1 replies)
Re: [logs] How to define Log, Event, and Alert? Jul 25 2008 04:14AM
Anton Chuvakin (anton chuvakin org) (1 replies)
Good point. So:

Event = something that happened on a system.
Log = a TIMED record of the above occurrence.

On Thu, Jul 24, 2008 at 7:23 PM, Bill Scherr IV <bschnzl (at) cotse (dot) net [email concealed]> wrote:
> So...
>
> I gather a temporal mention to be appropriate beyond the definition of the Log. Also, most systems break off their logs by
> size, not time. Although there is a definite time to each log, they are not consistent, even with the same log gatherer. Right or
> wrong, that is how I find them. Suggestions below (if I may be so bold):
>
> Circa 11:26, 23 Jul 2008, a note, claiming source Heinbockel, Bill <heinbockel (at) mitre (dot) org [email concealed]>, was sent to me:
>
> From: "Heinbockel, Bill" <heinbockel (at) mitre (dot) org [email concealed]>
> To: <loganalysis (at) loganalysis (dot) org [email concealed]>
> Subject: [logs] How to define Log, Event, and Alert?
>
>>
>>
>> Here is our initial shot at defining these terms:
>>
>>
>> Event:
>> A discrete, distinct, and discernible state change in an
>> environment.
>
> A discrete, distinct, and discernible state change in an environment at a recorded (or given) time.
>>
>> Alert (n):
>> A warning or notification generated in response to an event.
>>
>> Alert (v):
>> The act of generating, transporting, or displaying a warning or
>> notification in response to an event.
>>
>> Log Entry:
>> The record of an event in a log. Event log, event record, log
>> message, log record, and audit record are all synonyms that have been
>> used to refer to log entries.
>
> The record of an event in a log, in sequence, usually with a timestamp. <thesaurus reference to follow>
>>
>> Log (n):
>> The record comprising one or more log entries accumulated over
>> a given period. This may be electronic (e.g. stored in memory, disk,
>> software, database, text file, etc), physical (e.g. on paper), or even
>> verbal (e.g., "Between 10:00 and 10:01 we received a series of several
>> thousand SYN packets that we acknowledged, but full TCP connections
>> were not completed. At 10:02, our server resources exceeded the
>> maximum tolerable level and crashed.").
>>
>> Log (v):
>> The act of recording or storing one or more events.
>>
>>
>>
>> What do you think?
>> Can these definitions be changed/improved in any way?
>> Are there any examples, synonyms, or clarifications that should be
>> added?
>>
>
> Event: The same state change may occur repeatedly.
> Log Entry: No entry happens without context.
>
>
>
>
> Bill Scherr IV, GSEC, GCIA
> Principal Security Engineer
> EWA Information and Infrastructure Technologies
> bscherr (at) iit-tek (dot) com [email concealed]
> bscherr (at) ewa (dot) com [email concealed]
> 703-478-7608
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>

--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
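A worked illustration of the distinctions argued over in this sub-thread: an Event is a state change that can recur; a Log Entry is that event plus the context that makes it a record (timestamp and position in the sequence it was read from); a Log is the accumulated, time-ordered set of entries, which on most systems is split across files by size rather than by time; an Alert is generated in response to events and is not itself a log entry. This is example code added here, not code from the LogAnalysis list or from any of its posters; the syslog-style lines, the file names, the repeat threshold and the time window are all constructed for it.

```python
"""Event, log entry, log and alert as separate objects, exercised over
constructed syslog-style lines. Added example code; not from the thread."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import re

# Constructed sample lines (not real data). They are split across two
# "files" by size, so the SYN burst straddles the file boundary.
LOG_FILE_1 = [
    "2008-07-23T10:00:00 fw1 kernel: SYN from 203.0.113.7 to 10.0.0.5:80",
    "2008-07-23T10:00:01 fw1 kernel: SYN from 203.0.113.7 to 10.0.0.5:80",
    "2008-07-23T10:00:02 fw1 sshd: Accepted publickey for alice from 10.0.0.9",
    "2008-07-23T10:00:02 fw1 kernel: SYN from 203.0.113.7 to 10.0.0.5:80",
]
LOG_FILE_2 = [
    "2008-07-23T10:00:03 fw1 kernel: SYN from 203.0.113.7 to 10.0.0.5:80",
    "2008-07-23T10:00:03 fw1 kernel: SYN from 203.0.113.7 to 10.0.0.5:80",
    "2008-07-23T10:00:45 fw1 kernel: SYN from 198.51.100.2 to 10.0.0.5:80",
    "2008-07-23T10:02:00 fw1 httpd: worker pool exhausted, refusing connections",
]


@dataclass(frozen=True)
class Event:
    """A discrete state change, identified by what changed, not by when.
    The same Event may recur many times."""
    host: str
    program: str
    message: str


@dataclass(frozen=True)
class LogEntry:
    """The record of one Event together with its context: when it was
    recorded, and where it sits in the sequence it was read from."""
    timestamp: datetime
    source: str   # which file the line came from
    seq: int      # line number within that file
    event: Event


@dataclass
class Log:
    """Entries accumulated over a period, ordered by time and then by
    (source, seq) so that a size-based split between files does not
    reorder entries that carry the same timestamp."""
    entries: list = field(default_factory=list)


@dataclass(frozen=True)
class Alert:
    """A notification generated in response to events; not a log entry."""
    timestamp: datetime
    event: Event
    count: int
    reason: str


# Hypothetical line format: ISO timestamp, host, program, message.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")


def parse_entry(line: str, source: str, seq: int) -> LogEntry:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line {source}:{seq}: {line!r}")
    return LogEntry(
        timestamp=datetime.fromisoformat(m["ts"]),
        source=source,
        seq=seq,
        event=Event(m["host"], m["prog"], m["msg"]),
    )


def build_log(files: dict) -> Log:
    """files maps file name -> list of lines. Merges the size-split files
    into one Log ordered by timestamp, then by (source, seq)."""
    log = Log()
    for name, lines in files.items():
        for i, line in enumerate(lines, 1):
            log.entries.append(parse_entry(line, name, i))
    log.entries.sort(key=lambda e: (e.timestamp, e.source, e.seq))
    return log


def detect_repeats(log: Log, threshold: int, window_seconds: int) -> list:
    """Emit one Alert for each Event whose identical entries reach
    `threshold` within `window_seconds`, the first time that happens."""
    window = timedelta(seconds=window_seconds)
    recent = {}      # Event -> timestamps still inside the window
    alerted = set()
    alerts = []
    for entry in log.entries:
        times = recent.setdefault(entry.event, [])
        times.append(entry.timestamp)
        while times and entry.timestamp - times[0] > window:
            times.pop(0)
        if len(times) >= threshold and entry.event not in alerted:
            alerts.append(Alert(entry.timestamp, entry.event, len(times),
                                f"{len(times)} identical events within {window}"))
            alerted.add(entry.event)
    return alerts


if __name__ == "__main__":
    both = build_log({"messages.1": LOG_FILE_1, "messages.2": LOG_FILE_2})
    for a in detect_repeats(both, threshold=5, window_seconds=10):
        print(a.timestamp, a.event.message, a.reason)
```

Running the detector over both files merged yields a single alert at 10:00:03 for five identical SYN entries; running it over `messages.2` alone yields nothing, because only two of the five entries landed in that file. That is the practical consequence of Bill's observation that logs are broken off by size, not time: an entry's meaning depends on the sequence around it, and the sequence has to be reassembled across files before any alert logic sees it.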

Copyright 2010, SecurityFocus