Comments on TaoSecurity Blog: I Am Not Anti-Log
Comment feed, last updated 2023-10-16T06:06:25.012-04:00
Blog author: Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)

Anonymous, 2007-06-14T10:12:00.000-04:00:
This comment has been removed by a blog administrator.

Anonymous, 2007-01-31T18:13:00.000-05:00:
..it's log, it's log. It's big, it's heavy, it's wood...

Sorry.. just couldn't fight the urge.

Anonymous, 2007-01-31T15:12:00.000-05:00:
The value is not in the data, but in the structure

"Years ago, some clever person calculated that if you reduce human beings to their components of carbon, hydrogen, oxygen, and nitrogen atoms, they would be worth only 97 cents. However droll this assessment, it's misleading. People aren't composed of mere isolated collections of atoms. Our atoms combine into enzymes, proteins, hormones, and many other substances that would cost millions of dollars per ounce on the pharmaceutical market. The precise structure of these combinations of atoms is what gives them greater value. By analogy, database structure makes possible the interpretation of seemingly meaningless data. The structure brings to the surface patterns, trends, and tendencies in the data. Unstructured data -- like uncombined atoms -- has little or no value."
-- SQL For Dummies, 6th edition

I found this an interesting quote I read today. The more structured the data, the more valuable it is. Flat text files such as logs have little or no structure compared to NSM data when put into a database, and thus aren't as valuable.

Anonymous, 2007-01-31T13:21:00.000-05:00:
That makes sense, thanks Richard.

Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2007-01-31T12:59:00.000-05:00:
The transcript was created using Tcpflow, which Sguil calls to rebuild the full content from the session or alert of interest.

Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2007-01-31T12:58:00.000-05:00:
I said I was worried because I saw one alert, not one hundred. 100 indicates a loose signature, while 1 indicates a tight signature.

Anonymous, 2007-01-31T12:57:00.000-05:00:
Richard,

What can you tell us about that utility that looks like it's written in Tcl shown in blog_log_case_transcript.jpg?

Anonymous, 2007-01-31T12:44:00.000-05:00:
Good post, however, I don't understand why you would have liked to have seen a lot of alerts instead of just one. Can you help me to understand why?