LogChat Podcast 5: Anton Chuvakin and Andrew Hay Talk Logs

LogChat Podcast is back again – sorry for a brief delay! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other fun related subjects).

And now you have it AGAIN with edition #5 - through the sheer combined genius of Andrew Hay and myself, Anton Chuvakin. Our topic today is scaling and sizing log management and SIEM: scalability, sizing, estimating log volumes, hard EPS limits (evil!), scalability of the entire system vs component scalability, peak vs ongoing log rates, EPS, petabytes of logs, “log math”, capacity planning as well as how to “slap your vendor” (obviously, a quote is from Andrew, not myself ) in regards to the scalability of their tools.

Some administrative items:

1. We plan for this to happen periodically, such as maybe every three weeks - recorded on Wednesday, posted on Thursday. However, due to our work schedules, irregularities occur all the time. If you have not seen or heard a new LogChat podcast for a few weeks, be aware that we are not dead; just busy taking over the world.
2. No, we are still not ready with transcribing and, yes, we still want it.  I did try Amazon Mechanical Turk, but it didn't turn to be as inexpensive as people claimed. If you have ideas for a good AND cheap transcribing service, we are all ears.
3. Please suggest topics to cover as well - even though we are not likely to run out of ideas for a few years.
4. Any other feedback is HUGELY useful. Is it too long? Too loud? Too rant-y? Too technical? Not enough jokes? Too few mentions of the "cloud"? Feedback please!

And now, in all its glory - the podcast: link to #5 MP3 is here [MP3], RSS feed is here - it is also on iTunes now.

Enjoy THE LogChat!


Possibly related posts:

• LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs
• LogChat Podcast 2: Anton Chuvakin and Andrew Hay Talk Logs
• LogChat Podcast 3: Anton Chuvakin and Raffy Marty Talk Logs
• LogChat Podcast 4: Anton Chuvakin and Andrew Hay Talk Logs

LogChat Podcast 4: Anton Chuvakin and Andrew Hay Talk Logs

LogChat Podcast is back again - and now on iTunes as well! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other fun related subjects).

And now you have it AGAIN with edition #4 - through the sheer combined genius of Andrew Hay and myself, Anton Chuvakin.

Our topic today is log management IN the cloud: in the cloud –not for the cloud, NIST cloud definitions and hosted log management, log management AND SIEM in the cloud, real-time correlation in the cloud – is it possible, hybrid solutions, sensitivity of log data, barriers to market entry,  log collection for the cloud, etc.
All that + how not to anger Chris Hoff with your cloud log management tool

Some administrative items:

1. No, we are still not ready with transcribing and, yes, we still want it.  I did try Amazon Mechanical Turk, but it didn't turn to be as inexpensive as people claimed. If you have ideas for a good AND cheap transcribing service, we are all ears.
2. We plan for this to happen every three weeks - recorded on Wednesday, posted on Thursday. However, due to our work schedules, irregularities will occur all the time….
3. Please suggest topics to cover as well - even though we are not likely to run out of ideas for a few years.
4. Any other feedback is HUGELY useful. Is it too long? Too loud? Too rant-y? Too technical? Not enough jokes? Too few mentions of the "cloud"? Feedback please!

And now, in all its glory - the podcast: link to #4 MP3 is here [MP3], RSS feed is here - it is also on iTunes now.

Enjoy THE LogChat!


Possibly related posts:

• LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs
• LogChat Podcast 2: Anton Chuvakin and Andrew Hay Talk Logs
• LogChat Podcast 3: Anton Chuvakin and Raffy Marty Talk Logs

LogChat Podcast 3: Anton Chuvakin and Raffy Marty (!) Talk Logs

LogChat Podcast is back again - and now on iTunes as well! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other fun related subjects).

And now you have it AGAIN with edition #3 - through the sheer combined genius of our “guest host” Raffael Marty (sorry,  Andrew Hay – please get well soon, the world of logging needs you!) and myself, Anton Chuvakin.

As usual, administrative items first:

1. So far, we are still not ready with transcribing.  I did try Amazon Mechanical Turk, but it didn't turn to be as inexpensive as people claimed. If you have ideas for a good/inexpensive transcribing service, we are all ears.
2. We plan for this to happen every three weeks - recorded on Wednesday, posted on Thursday. However, due to our work schedules, irregularities will occur :-)
3. Please suggest topics to cover as well - even though we are not likely to run out of ideas for a few years. Our topic today is building a business case for log management: justifications for logging, log collection and log review, time/money savings, availability monitoring, logs for incident response AND system troubleshooting, “going beyond compliance”, business case for SIEM vs log management, etc
4. Any other feedback is HUGELY useful. Is it too long? Too loud? Too rant-y? Too technical? Not enough jokes? Too few mentions of the "cloud"? Feedback please!

And now, in all its glory - the podcast: link to #3 MP3 is here [MP3], RSS feed is here - it is also on iTunes now.

Enjoy THE LogChat!
Possibly related posts:

• LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs 
• LogChat Podcast 2: Anton Chuvakin and Andrew Hay Talk Logs

LogChat Podcast 2: Anton Chuvakin and Andrew Hay Talk Logs

LogChat Podcast is back - and now on iTunes as well! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other closely related subjects).

And now you have it AGAIN with edition #2 - through the sheer combined genius of Andrew Hay and myself, Anton Chuvakin.

Administrative items first:

1. It turns out, we don't need a new name! We are now entirely happy with "LogChat." The prize we offered will hereby be awarded to that one person who liked the original name :-) Marisa, please email me to claim your very own signed copy of the "PCI Compliance" book.
2. So far, we are still not ready with transcribing.  I did try Amazon Mechanical Turk, but it didn't turn to be as inexpensive as people claimed. If you have ideas for a good/inexpensive transcribing service, we are all ears.
3. We plan for this to happen every four weeks - recorded on Wednesday, posted on Thursday. However, due to our work schedules, irregularities may occur :-)
4. Please suggest topics to cover as well - even though we are not likely to run out of ideas for a few years. Our topic today is log collection challenges and solutions: log sizing, EPS estimation, agents/agentless, high volume collection, Windows to syslog, etc
5. Any other feedback is HUGELY useful. Is it too long? Too loud? Too rant-y? Too technical? Not enough jokes? Too few mentions of the "cloud"? Feedback please!

And now, in all its glory - the podcast: link to #2 MP3 is here [MP3], RSS feed is here - it is also on iTunes now. Enjoy THE LogChat!


Possibly related posts:

• LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs

LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs

"LogChat" Podcast is born! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other closely related subjects).

And now you have it - through the sheer combined genius of Andrew Hay and myself, Anton Chuvakin.

Administrative items first:

1. We need a new name! We are not entirely happy with "LogChat" and, sadly, "LogTalk" is taken. Please suggest a name - if we pick yours, you get a free signed  copy of my "PCI Compliance" book.
2. We will post the transcript, not just the MP3 file - in a few days. If you have ideas for a good/inexpensive transcribing service, we are all ears. I will try Amazon Mechanical Turk first, but it might not be good enough for a technical podcast.
3. Please also suggest topics to cover as well - even though we are not likely to run out of ideas for a few years. Our first topic today is new log source integration - if it sounds boring...well...listen first/judge second :-)
4. We plan for this to be a monthly podcast. So, the next one will happen sometime early October.
5. Any other feedback is HUGELY useful. Is it too long? Too loud? Not enough jokes? Too few mentions of the "cloud"? Feedback please! Who knows...maybe there are more PCI books left in my secret stash and you too will earn that glorious prize for the most useful piece of feedback  :-)

And now, in all its, glory - the podcast: the link to MP3 is here [MP3].
UPDATE: RSS feed is here.

Enjoy the log chat!

Some Fun Reading and Listening

As I am preparing to attend to a family emergency and thus go “offline” for a while, here is something fun stuff for my dear readers:

• “PCI War” rages one in this “CSO Online” podcast “The Great PCI Security Debate of 2010: Part 1” [MP3] with such fun people as Joshua Corman, Mike Dahn, Jack Daniel, Ben Rothke, Martin McKeay, etc.  It is a bit chaotic at times, but fun and enlightening. It was also fun to participate in, despite the fact that it was recorded at 7AM. This piece provides some background for the debate.
• The second part of the PCI debate was just posted here.
• Those with interest in SIEM must read Rocky’s “The 2010 SIEM Winter Olympics Preview”

Enjoy! More fun posts coming when I am back. For now, buy The PCI Book :-)
BTW, see you all at ShmooCon and then at RSA 2010.

Misc Fun Security Listens and Reads

Here is some hopefully fun content + random bits of self-promotion that I forgot to blog before. More blogging to come; I just finished responding to tech reviewer comments for the last chapter of the PCI book, so I will have more time.

• Anton Chuvakin on PCI DSS compliance, security and nonprofits (direct MP3 link to a podcast)
• A random fun interview with me here; please don’t bug me about my definition of “Enterprise 2.0” though :-)
• This is old (“PaulDotCom Security Weekly - Special Edition - PCI Round Table” aka “PCI Inquisition”), but sooo fun and absolutely worth a listen (sorry that it was stuck in my “2blog” queu for so long) – direct MP3 link.

Sadly, I still have snorkeling on my mind and not security and compliance :-)

Obligatory “added everywhere” posts :-)

• I am not at Qualys anymore and looking for the next big security idea to work on!

OWASP Podcast Interview on PCI.

Here is a fun podcast interview that I did with OWASP; the subject is mostly PCI DSS (but watch for some fun Q&A in the end too)

Direct MP3 link is here[mp3]

Brian's Interview With Me on PCI, Vulnerability, Application Security, etc

Brian did this fun interview with me a few days ago. The topics are PCI DSS (of course!), vulnerability management, application security and other fun stuff. The actual interview is here and a direct link to MP3 here.