Here is a weird one: what does capturing packets have to do with log management? While some people can spend hours debating whether something like an SNMP trap is, in fact, a log, few would consider PCAP files to be logs.
However, look at this recent PR piece from Sourcefire introducing daemonlogger, a tool to efficiently capture packets (a kind of tcpdump on steroids): the piece mentions "logs" and "logging" (and even log management) way too many times.
What's up with that? Is logging cool again? :-) Or is somebody at Sourcefire thinking about logs? They do need to diversify, ya know...
1 comment:
@ Anton
Any captured network traffic may be considered a historical record, i.e. a log.
In addition, the captured network traffic can be “replayed” with a high degree of accuracy based on the timestamp recorded within the PCAP file.
That stated, I demonstrated a proof of concept to insert into and modify a PCAP file as part of my presentation on "Defeating Network Intrusion Detection and Prevention" at RUXCON in 2005.
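The two points the comment makes, that a capture file is a timestamped record and that those timestamps are what a replay tool uses to reproduce the original timing, both come straight out of the classic libpcap file layout. The following is an added example written for this page, not code from the post, from Sourcefire or from daemonlogger. It parses the 24-byte global header and the 16-byte per-packet headers of a classic (non-pcapng) PCAP file, turns each record into a log-style line, derives the inter-packet delays a replayer would wait between frames, and refuses files whose length fields are inconsistent with the snaplen. The sample capture bytes are constructed in the code itself, so it runs offline.

```python
import struct
from typing import List, NamedTuple

# Magic numbers of the classic libpcap format (pcapng uses a different layout).
PCAP_MAGIC_USEC = 0xA1B2C3D4   # per-packet timestamps are seconds + microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D   # per-packet timestamps are seconds + nanoseconds
LINKTYPE_ETHERNET = 1


class PcapHeader(NamedTuple):
    byte_order: str      # "<" or ">" struct prefix, as detected from the magic
    ts_scale: int        # divisor for the fractional timestamp field
    snaplen: int         # capture length limit the writer promised to honour
    linktype: int


class PacketRecord(NamedTuple):
    index: int
    timestamp: float     # absolute capture time, seconds since the Unix epoch
    caplen: int          # bytes actually stored in the file
    origlen: int         # bytes seen on the wire
    data: bytes


def parse_global_header(buf: bytes) -> PcapHeader:
    """Read the 24-byte global header and work out byte order and timestamp unit."""
    if len(buf) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic_le = struct.unpack("<I", buf[:4])[0]
    magic_be = struct.unpack(">I", buf[:4])[0]
    if magic_le in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        order, magic = "<", magic_le
    elif magic_be in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        order, magic = ">", magic_be
    else:
        raise ValueError(f"not a classic pcap file (magic {buf[:4].hex()})")
    ts_scale = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", buf[4:24])
    return PcapHeader(order, ts_scale, snaplen, linktype)


def parse_records(buf: bytes) -> List[PacketRecord]:
    """Walk the per-packet records; reject length fields that contradict the header."""
    hdr = parse_global_header(buf)
    records: List[PacketRecord] = []
    off = 24
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError(f"truncated packet header at offset {off}")
        ts_sec, ts_frac, caplen, origlen = struct.unpack(
            hdr.byte_order + "IIII", buf[off:off + 16])
        off += 16
        # A record can never hold more than snaplen bytes, nor more than was on the wire.
        if caplen > hdr.snaplen or caplen > origlen:
            raise ValueError(
                f"record {len(records)}: caplen {caplen} exceeds snaplen/origlen")
        if off + caplen > len(buf):
            raise ValueError(f"truncated packet data at offset {off}")
        ts = ts_sec + ts_frac / hdr.ts_scale
        records.append(PacketRecord(len(records), ts, caplen, origlen, buf[off:off + caplen]))
        off += caplen
    return records


def is_well_formed(buf: bytes) -> bool:
    """True when every record parses and its lengths agree with the global header."""
    try:
        parse_records(buf)
        return True
    except ValueError:
        return False


def replay_schedule(records: List[PacketRecord]) -> List[float]:
    """Delay (seconds) to wait before each packet so a replay keeps the captured timing."""
    delays: List[float] = []
    prev = None
    for r in records:
        delays.append(0.0 if prev is None else r.timestamp - prev)
        prev = r.timestamp
    return delays


def as_log_lines(records: List[PacketRecord]) -> List[str]:
    """Render each record as a flat, timestamped log-style line."""
    return [f"{r.timestamp:.6f} pkt={r.index} caplen={r.caplen} origlen={r.origlen}"
            for r in records]


def build_sample_pcap() -> bytes:
    """Constructed sample: little-endian, microsecond timestamps, three Ethernet frames."""
    gh = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"  # dummy header
    frames = [
        (1_000_000, 0,       eth + b"\x00" * 28),   # 42-byte frame at t0
        (1_000_000, 250_000, eth + b"\x00" * 46),   # 60-byte frame, 0.25 s later
        (1_000_001, 0,       eth + b"\x00" * 28),   # 42-byte frame, 0.75 s after that
    ]
    out = bytearray(gh)
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_pcap()
    recs = parse_records(sample)
    print("\n".join(as_log_lines(recs)))
    print("replay delays:", replay_schedule(recs))
```

The length check in `parse_records` is the cheap sanity test a collector should run before treating a capture as an authoritative record: a record whose `caplen` exceeds the header's `snaplen` cannot have been written by a conforming capture tool, so the file is either corrupt or has been edited.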