Iván Arce <[EMAIL PROTECTED]> wrote:
"... an auditor client is an agent that retrieves logged data from the
syslog server and presents it for visualization either by a human being
or a program."

This is an important point - in security defense, detection and response
should be part of the solution, as well as technology (e.g. crypto).  The
human analysis task is the most expensive part of a total solution!

Also, note that this needs to be far more flexible than other parts of the
system, because organization needs and human inclinations vary so much.

"... doing yet a bit more of a summary (btw,  someone should
summarize all the traffic in the list at least once a week)..."

Thanks for your summary.  I will also try to digest the week's list over
the weekend, to produce a high-level issues summary or at least some form
of "minutes";  perhaps we can get it onto
http://njlug.rutgers.edu/projects/syslog.

Alex

