Thursday, October 25, 2007

On "Log Management 101" and SIEM

By now, you must have recognized all the signs of a blogging frenzy: don't you worry, this is my last post for today... probably :-)

So, this fun blurb has a few interesting thoughts on log management. And one on log management vs SIEM: "I like my logging solution to have plenty of evidence preservation goodness and I don’t want it muddied because a correlator had to normalize the data before it could parse, alarm on, or display the log data."

Some people share this view and some don't. How it will end up is anybody's guess - my crystal ball needs rebooting. Vista, you know :-)

Dr Anton Chuvakin