*Everybody* (and I do mean everybody) involved with log analysis, log management or SIM (SEM, SIEM) should read this thread on the firewall-wizards mailing list.
This is yet another message by Marcus Ranum that should be looked at!
It's a bit hard to follow since it started from an unrelated subject of firewall appliance selection, but it got to a rare depth of log analysis discussion, with Marcus Ranum leading the pack.