RE: audit trail standards

Abdelaziz MOUNJI (amo@info.fundp.ac.be)
Tue, 22 Nov 94 12:31:50 GMT

Hello,

	I traced the discussions on the IDS mailing list about audit data format
	standardization. I think that the standard would be very useful indeed
	to achieve universality of audit trail analysis tools.

	In my project ASAX (Advanced Security audit trail Analysis on uniX) we
	developed a universal tool for efficient and powerful analysis of
	audit trails. In fact our approach applies to any sequential file.
	However, universality is achieved by adapting the native audit trail
	to a canonical format. The approach uses a rule-based language
	tailor-made to sequential analysis of (huge) files.

	(See my previous posting on ASAX) 

	Our canonical format (NADF, normalized audit data format) is close to the
	BER. Assuming that an audit record is a collection of audit data, its
	conversion to NADF amounts (briefly said) to replacing each audit datum by
	a triple:

		(identifier,   length,    value)
		<--------->   <------>   <----->
		  2 bytes      2 bytes    length

	In your posting to the above list, you suggested posting the
	specification of the standard. I am very interested in this and also
	in documents on talks you gave at IDS workshops. Any related material or
	pointers are wanted.

Aziz-

---------------------------------------------------------------
	Abdelaziz Mounji,
	Institut d'Informatique,
	Advanced Security audit trail Analysis on uniX (ASAX)
	Facultes Universitaires de Namur (F.U.N.D.P.),
	rue Grandgagnage, 21
	B-5000			Namur
	Belgium
	Tel:	+32 81 724987	(Office)
		+32 81 221803	(Home)
	Fax:	+32 81 724967
	E-mail:	amo@info.fundp.ac.be
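The triple layout sketched in the message (2-byte identifier, 2-byte length, then the value) is a plain tag-length-value encoding. The following encoder/decoder is an added illustration of that layout, not ASAX or NADF code: the posting gives only the field widths, so the big-endian byte order, the sample identifiers (ID_EVENT, ID_UID, ID_PATH) and the sample record contents are assumptions. The decoder refuses a truncated triple instead of silently accepting a short value, which is the check a practitioner would want when feeding converted audit trails to an analysis tool.

```python
"""Encoder/decoder for (identifier, length, value) triples as described above.

Added example, not ASAX/NADF code. Byte order and identifier values are
assumptions: the message only states the widths (2 bytes, 2 bytes, length).
"""
import struct

# identifier (2 bytes) followed by length (2 bytes); big-endian is assumed
HEADER = struct.Struct(">HH")


def encode_record(fields):
    """Encode a list of (identifier, value_bytes) pairs as consecutive triples."""
    out = bytearray()
    for ident, value in fields:
        if not 0 <= ident <= 0xFFFF:
            raise ValueError(f"identifier {ident} does not fit in 2 bytes")
        if len(value) > 0xFFFF:
            raise ValueError(f"value of {len(value)} bytes does not fit a 2-byte length")
        out += HEADER.pack(ident, len(value))
        out += value
    return bytes(out)


def decode_record(data):
    """Decode one record into (identifier, value) pairs.

    A triple whose declared length runs past the end of the data is rejected
    rather than returned short, so a truncated record cannot masquerade as a
    complete one.
    """
    fields = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < HEADER.size:
            raise ValueError(f"truncated header at offset {pos}")
        ident, length = HEADER.unpack_from(data, pos)
        pos += HEADER.size
        if len(data) - pos < length:
            raise ValueError(
                f"field {ident:#06x} declares {length} bytes but only "
                f"{len(data) - pos} remain"
            )
        fields.append((ident, bytes(data[pos:pos + length])))
        pos += length
    return fields


# Constructed sample identifiers; these are NOT NADF's real assignments.
ID_EVENT, ID_UID, ID_PATH = 0x0001, 0x0002, 0x0003


def sample_record():
    """A constructed three-field record: event name, numeric uid, file path."""
    return encode_record([
        (ID_EVENT, b"open"),
        (ID_UID, struct.pack(">I", 1001)),
        (ID_PATH, b"/etc/passwd"),
    ])


if __name__ == "__main__":
    rec = sample_record()
    print(rec.hex())
    for ident, value in decode_record(rec):
        print(f"{ident:#06x} len={len(value)} value={value!r}")
```

Running the block prints the 31-byte hex encoding and the three decoded fields; passing `rec[:-1]` to `decode_record` raises `ValueError` because the last triple declares more bytes than remain.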