[logs] Re: [CEE-DISCUSSION-LIST] Fwd: Re: [CEE-DISCUSSION-LIST]Defining Log, Event, and Alert (Round 2) Jul 31 2008 08:29PM
David Corlette (DCorlette novell com)

> This is why definitions for "log" and "alert" were included -- because they are actively used by the log community.

Excellent points, and agreed. I'm not suggesting removing any definitions, but perhaps indicating which ones we will use within CEE (anticipated, anyway) will help clarify things.

> While reading through yours (Dave's) and others' responses, I realized that the main issue (as you allude to) is that I was calling CEE a "log" standard.

And here I thought it was a Common *Event* standard ;-)

> In order to better define the scope of CEE, I defined "event log". While I don't have any problems with renaming it to "event stream", I would anticipate
> the question of how is an "event stream" different from a "log"?

Very different, in my mind. I wouldn't consider events being sent as UDP packet data a "log", but I would consider that an event stream. To me the word "log" implies persistence, but then again it's also a verb and has nine other meanings, which is why I prefer to avoid it.

> I named it "event log" because everyone is familiar with
> the term "log",

Familiar, yes. Agree on what it means, no.

> So, I think that all of these definitions should not be
> *for* the standard. They should be for the logging
> community (loganalysis, etc.) and are necessary for the
> scoping and development of CEE.

Agreed, with caveat about identifying which ones we think we'll use for CEE.

LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org

Copyright 2010, SecurityFocus