LISA ’05, Day 1

Not many people are here yet, so the conference hall seems a bit empty and low key. I went to the Building a Logging Infrastructure and Log Analysis for Security tutorial presented by Abe Singer from SDSC. The key things I brought back from this tutorial were:

  1. Don’t expect to be able to parse your logs with Regex
  2. Programmers create uninformative error log messages
  3. Log hosts require a lot of resources
  4. Everyone uses syslog/syslog-ng, even though alternatives should be considered
  5. With UDP, you may not get all your logs even in ideal circumstances. TCP may exhaust a log host’s resources

I have some new tools under my belt, and when I return next week I can start putting the pieces together to redo work’s logging infrastructure.

I’ve posted a note on the message board looking for people who are using Xen or have deployed it into production. I hope I get some calls or emails from people, with the off-chance I can do a BoF on it. We shall see.
