[siem-users] Testing

Raffael Marty raffy at loggly.com
Tue Dec 21 20:56:44 UTC 2010


Well, that's a good question. What's a standard? Is it a standard if someone calls it that, or is it a standard if everyone implements it? I think it's the latter. Do I think it will get broad adoption? Not sure. I think it is a proposed standard that makes a lot of sense, it's simple to implement, and it will help developers (producers) and consumers of the logs a lot, in terms of generating meaningful and complete log records, and also in terms of well-consumable log records that make correlation easier.

Especially the logging recommendations are going to be a great help for all types of devices to make sure they log at the right places (log the right events) and log enough information for each of those events.

Sorry for the long-winded answer, but adoption is going to be a huge effort and we need everyone's help to get it out there. We have RedHat and Microsoft on the board. Hope that will help!

  Raffael

--
Raffael Marty                        Founder and President @ Loggly
@zrlram                                              about.me/raffy

On Dec 21, 2010, at 12:50 PM, Lance James wrote:

> Do you guys feel that it will become a standard syntax/format?
> 
> On Tue, Dec 21, 2010 at 3:41 PM, Raffael Marty <raffy at loggly.com> wrote:
> I am on the board of CEE. We have released some overview documents at this point. We are currently working on releasing a draft for the syntax and then one for the taxonomy part of the proposed standard. We have the syntax proposal almost done. I am assuming we will release that early next year.
> 
> Nobody is using CEE in production yet. Except for rsyslog that has a reference implementation to format logs in CEE, but it's preliminary and might still change once CEE is coming out with a first actual version.
> 
> If there are developers that are interested, we are happy to share what we have and collect input.
> 
> Thanks
> 
>  Raffael
> 
> --
> Raffael Marty                        Founder and President @ Loggly
> @zrlram                                              about.me/raffy
> 
> On Dec 21, 2010, at 12:32 PM, Lance James wrote:
> 
> > Hi guys,
> >
> > Anyone familiar with Mitre's proposed CEE yet, or its status? Is this being used today for any log correlation?
> >
> > On Tue, Nov 2, 2010 at 11:19 AM, Jason Arrington <jarrington at novell.com> wrote:
> > I thought I'd send a test message through the mailing list to make sure the registration worked OK.
> >
> > _______________________________________________
> > Discussion mailing list
> > Discussion at siemusers.org
> > http://siemusers.org/mailman/listinfo/discussion_siemusers.org
> >
> >
> >
> >
> > --
> > Lance James
> > Secure Science Corporation
> > Office: 760-262-4141
> > lancej at securescience.net
> > PGP Fingerprint: 90E8 BECC 4F3A 0F1A 7F8B 6960 51F6 1704 F92B 6CED
> 
> 
