Thursday, June 15, 2006

Just what is a log (and what is not?)

Logblog: A Log By Any Other Name: "A log file is a file that lists all actions that have occurred on a device, within an application, or on a server."

Seeing this post on our blog reminded me of a debate I had with one of my friends: is an SNMP trap a log?

Why 'yes'
* it comes over UDP, just like syslog
* it helps to know what happened on a system

Why 'no'
* people don't think so :-)
* traps are supposed to be acted on, not analyzed

Overall, more often than not, I think that SNMP traps should be considered logs for most practical purposes (and, most certainly, for security purposes).

Dr Anton Chuvakin