Category Archives: CEE

How to create a log standard

Get the marketing team together for a clever name. Copy and paste Microsoft’s IIS W3C log format. Write a press release and tell the world about it. I am not joking, but eIQnetworks released their Open Source Event Logging Standard … Continue reading

Posted in CEE, log analysis | Leave a comment

Consistent logging – good separators

After posting my paper about Remote log injection, most of the feedback I received was regarding how “bad” these tools (e.g. DenyHosts, BlockHosts, etc) are and how bad the idea of log-based automatic response is. Some people even said that … Continue reading

Posted in CEE, log analysis | Leave a comment

CEE – Logging standard

If you are not on the log analysis mailing list, you are missing a good discussion regarding the efforts to create a new logging standard, CEE (Common Event Expression). MITRE is in charge of the process, but it is probably … Continue reading

Posted in CEE, log analysis | 5 Comments