Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
RAID
1999
Springer
1999
Springer
Audit logs: to keep or not to keep?
We approached this line of inquiry by questioning the conventional wisdom that audit logs are too large to be analyzed and must be reduced and filtered before the data can be analyzed or stored. The audit facilities of contemporary operating systems (Solaris, Windows NT) do not suit the needs of intrusion detection systems (IDS) well. Many types of computers (e.g., small, mobile, or embedded systems) do not have sufficient resources for conventional audit logging facilities. Our research proposes to create separate audit facilities to serve intrusion detection systems (IDS) and to meet the needs of long-term storage (archival) of audit logs. In general, IDS want to characterize activity at the level of users, sessions and application transactions while gs present activity at the system call, process and network packet level of abstraction. Users do not want audit processing to detract from application performance. Thus, we are constructing audit processing modules in the kernel that p...
Real-time TrafficAudit | Audit Facilities | Audit Log | Computer Networks | RAID 1999 |
Related Content
| Added | 04 Aug 2010 |
| Updated | 04 Aug 2010 |
| Type | Conference |
| Year | 1999 |
| Where | RAID |
| Authors | Christopher Wee |
Comments (0)
Researcher Info
|
