Syslog Protocol

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 54 Experts worldwide ranked by ideXlab platform

Rainer Gerhards - One of the best experts on this subject based on the ideXlab platform.

Hiroshi Tsunoda - One of the best experts on this subject based on the ideXlab platform.

  • Managing Syslog
    The 16th Asia-Pacific Network Operations and Management Symposium, 2014
    Co-Authors: Hiroshi Tsunoda, Glenn Mansfield Keeni
    Abstract:

    Log messages are generated by operating systems and applications. These messages contain important information about the health and operation of the system. The messages are also of great significance for security management, audit-checks, and forensics in an intranet. So, a logging system that generates, relays, collects and archives log messages must be monitored and managed just like all other components of the ICT infrastructure, to ensure that it is operating normally, i.e., the logs are being collected and archived as desired. In the Internet, some progress has been made towards the standardization of the Syslog Protocol but, to date, the management aspect of Syslog has been neglected, for all practical purposes. In this paper, we discuss the necessity and importance of monitoring and managing logging systems. We present the basic design of a Management Information Base module which will make it possible to monitor and manage a Syslog system using standard management protocols. Then we discuss a prototype implementation of the MIB and demonstrate a Syslog management application for managing the Syslog configuration of an enterprise.

  • A Prioritized Retransmission Mechanism for Reliable and Efficient Delivery of Syslog Messages
    2009 Seventh Annual Communication Networks and Services Research Conference, 2009
    Co-Authors: Hiroshi Tsunoda, Glenn Mansfield Keeni, Takafumi Maruyama, Kohei Ohta, Yuji Waizumi, Yoshiaki Nemoto
    Abstract:

    Summary form only given. Logs generated by operating systems and application programs provide important information to a network administrator. Logs are used for various purposes including security management, audit, and forensics of intranet. To use logs for such purposes, it is important that logs are reliably retrieved from hosts in the intranet. But the Syslog Protocol which is widely used for network logging does not meet this requirement. Thus, the use of TCP for improving the reliability is being standardized at the IETF. However, TCP is not effective for providing the reliability in terms of cost and delay. In this paper, we examine the issues and requirements of network logging based on experiments in a real network environment and point out problems of TCP. Then we propose an efficient mechanism for the reliable delivery of Syslog messages and validate its effectiveness through NS-2 simulations.

Glenn Mansfield Keeni - One of the best experts on this subject based on the ideXlab platform.

  • Managing Syslog
    The 16th Asia-Pacific Network Operations and Management Symposium, 2014
    Co-Authors: Hiroshi Tsunoda, Glenn Mansfield Keeni
    Abstract:

    Log messages are generated by operating systems and applications. These messages contain important information about the health and operation of the system. The messages are also of great significance for security management, audit-checks, and forensics in an intranet. So, a logging system that generates, relays, collects and archives log messages must be monitored and managed just like all other components of the ICT infrastructure, to ensure that it is operating normally, i.e., the logs are being collected and archived as desired. In the Internet, some progress has been made towards the standardization of the Syslog Protocol but, to date, the management aspect of Syslog has been neglected, for all practical purposes. In this paper, we discuss the necessity and importance of monitoring and managing logging systems. We present the basic design of a Management Information Base module which will make it possible to monitor and manage a Syslog system using standard management protocols. Then we discuss a prototype implementation of the MIB and demonstrate a Syslog management application for managing the Syslog configuration of an enterprise.

  • A Prioritized Retransmission Mechanism for Reliable and Efficient Delivery of Syslog Messages
    2009 Seventh Annual Communication Networks and Services Research Conference, 2009
    Co-Authors: Hiroshi Tsunoda, Glenn Mansfield Keeni, Takafumi Maruyama, Kohei Ohta, Yuji Waizumi, Yoshiaki Nemoto
    Abstract:

    Summary form only given. Logs generated by operating systems and application programs provide important information to a network administrator. Logs are used for various purposes including security management, audit, and forensics of intranet. To use logs for such purposes, it is important that logs are reliably retrieved from hosts in the intranet. But the Syslog Protocol which is widely used for network logging does not meet this requirement. Thus, the use of TCP for improving the reliability is being standardized at the IETF. However, TCP is not effective for providing the reliability in terms of cost and delay. In this paper, we examine the issues and requirements of network logging based on experiments in a real network environment and point out problems of TCP. Then we propose an efficient mechanism for the reliable delivery of Syslog messages and validate its effectiveness through NS-2 simulations.

Jung-chan Na - One of the best experts on this subject based on the ideXlab platform.

  • Intrusion alert normalization method using AWK scripts and attack name database
    The 7th International Conference on Advanced Communication Technology (ICACT 2005), 2005
    Co-Authors: Hyochan Bang, Jung-chan Na
    Abstract:

    The several current classes of intrusion alerts have various formats and semantics, and they are transferred using a variety of protocols. The protocols that transfer intrusion alerts are IDXP, SNMP trap, Syslog Protocol, etc. This variety of intrusion alert formats makes it difficult to use them together. Intrusion alert normalization converts various intrusion alerts into data with the same structure and the same semantics. We need this normalization process to unify alerts from a variety of security equipment. This paper describes how to normalize alerts from several IDS and security equipment.

Yoshiaki Nemoto - One of the best experts on this subject based on the ideXlab platform.

  • A Prioritized Retransmission Mechanism for Reliable and Efficient Delivery of Syslog Messages
    2009 Seventh Annual Communication Networks and Services Research Conference, 2009
    Co-Authors: Hiroshi Tsunoda, Glenn Mansfield Keeni, Takafumi Maruyama, Kohei Ohta, Yuji Waizumi, Yoshiaki Nemoto
    Abstract:

    Summary form only given. Logs generated by operating systems and application programs provide important information to a network administrator. Logs are used for various purposes including security management, audit, and forensics of intranet. To use logs for such purposes, it is important that logs are reliably retrieved from hosts in the intranet. But the Syslog Protocol which is widely used for network logging does not meet this requirement. Thus, the use of TCP for improving the reliability is being standardized at the IETF. However, TCP is not effective for providing the reliability in terms of cost and delay. In this paper, we examine the issues and requirements of network logging based on experiments in a real network environment and point out problems of TCP. Then we propose an efficient mechanism for the reliable delivery of Syslog messages and validate its effectiveness through NS-2 simulations.