[cgl_discussion] FYI - PoC Tracking Sheets updated
Fleischer, Julie N
julie.n.fleischer at intel.com
Mon Jun 23 14:34:16 PDT 2003
> Hi, Julie
> I have done some evaluation for "automated log analysis".
> I notice in this sheet it is said that LogWatch does not
> have alarm capability. I'm not quite sure
> what alarm means. Does email count as an alarm?
> LogWatch has an email function. Can this
> meet the requirement?
Ling Xiaofeng -
I view an alarm as an alert that happens in direct response to suspicious activity. Email is an acceptable method for generating an alarm; however, my interpretation of LogWatch was that it could not email in direct response to suspicious activity. Instead, LogWatch sends the owner a report at a regularly scheduled time (and it's up to the owner to do the "analysis" of seeing if there is suspicious activity). Swatch, on the other hand, can be configured to email the owner as soon as the word "unauthorized," for example, is seen in a log file.
**These views are not necessarily those of my employer.**
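The distinction drawn in the message above, a report on a schedule versus an alarm raised as the matching line is read, shown as an added example that is not part of the original e-mail and is not code from LogWatch or Swatch. The log lines are constructed, and the function names, the placeholder address and the 60-second throttle are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    "2003-06-23T14:00:01 host sshd[411]: session opened for user alice",
    "2003-06-23T14:00:07 host app[902]: unauthorized access attempt from 192.0.2.10",
    "2003-06-23T14:00:09 host app[902]: unauthorized access attempt from 192.0.2.10",
    "2003-06-23T14:05:30 host app[902]: Unauthorized config change by bob",
    "2003-06-23T14:06:00 host cron[77]: job finished",
]
PATTERN = re.compile(r"unauthorized", re.IGNORECASE)

def build_alarm(line, to_addr="owner@example.com"):
    """Build the e-mail for one matching line (placeholder address)."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "ALARM: suspicious log entry"
    msg.set_content(line)
    return msg

def watch(lines, send, throttle=timedelta(seconds=60)):
    """Alarm model: call send() as soon as a matching line is read.

    Matches within `throttle` of the last alarm are counted, not mailed,
    so a burst of repeated events does not flood the owner.
    Returns the number of suppressed matches."""
    last_sent, suppressed = None, 0
    for line in lines:
        if not PATTERN.search(line):
            continue
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        if last_sent is not None and ts - last_sent < throttle:
            suppressed += 1
            continue
        send(build_alarm(line))
        last_sent = ts
    return suppressed

def scheduled_report(lines):
    """Report model: one digest per run; the owner does the analysis later."""
    hits = [l for l in lines if PATTERN.search(l)]
    return f"{len(hits)} matching line(s)\n" + "\n".join(hits)

if __name__ == "__main__":
    sent = []
    print("suppressed:", watch(SAMPLE_LOG, sent.append))
    print("alarms sent:", len(sent))
    print(scheduled_report(SAMPLE_LOG))
```

In a live deployment `lines` would be a generator following the log file and `send` would hand the message to a mail transport; both are left out so the example runs offline.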