Chris Calabrese <[EMAIL PROTECTED]> wrote:
> In that case, here's my proposal for protocol changes (this is off the top of my
> head folks).....

I agree with most of this. There is a lot of flexibility available
here, and the main task is to spell out scenarios and reasons for
choosing one set of encoding/transport/storage mechanisms over another.
Some are obvious, others are not. It's a fairly large matrix, and there
should be some navigation advice to the network admin as well as
designer/coder in how to approach a particular problem.

For example, Chris Lonvick has pointed out repeatedly that confirmed
persistent storage of a log record is a requirement in the custom
TCP-based logger Cisco has provided to a US government customer. Firm
requirements like that will identify required mechanisms and place some
signposts on the map of possible choices.

Does anyone have any similar experience with firm security-related
requirements for event logging?

--
Alex Brown <[EMAIL PROTECTED]> +1 617 504 8761