Re: [Fed-Talk] Syslog, SIEMs, and Laptops
- Subject: Re: [Fed-Talk] Syslog, SIEMs, and Laptops
- From: Todd Heberlein <email@hidden>
- Date: Tue, 03 Apr 2012 09:14:45 -0700
On Apr 2, 2012, at 8:46 PM, Boyd Fletcher wrote:
> Syslog can't be fixed. It has major structural issues that can only be solved with a complete redesign.
ArcSight, arguably the market leader in SIEM, uses syslog to consume data from the 300+ third-party sensors they support (via their Common Event Format, CEF).
This has me concerned for a number of reasons as mentioned in my first email, especially for laptops (security-relevant information going over syslog while connected to a Starbucks Wi-Fi?!). I've sent an email to ArcSight asking for clarification on these issues. I'm hoping they have a "Best Practices" document that might address some of these concerns.
Todd