Using Lamport’s Logical Clocks to Consolidate Log Files from Different Sources
Event logging and log files play an important role in system and network security. Log files record computer system activity and are used to meet the reliability, security and accountability requirements of applications. The information stored in log files may come from different devices whose clocks are not necessarily synchronized, and records do not arrive in the order in which they were generated. Nevertheless, log information has to be coherent in time to be useful. We propose using Lamport's logical clocks to place events originating at different sources in a causal relationship. As a result, the administrator obtains a general idea of a computer incident that accounts for all the events involved. A model implementation is also presented.
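To make the approach concrete, here is an added example in Python (not the paper's model implementation): a constructed firewall and IDS, whose wall clocks are skewed against each other, stamp their records with Lamport clocks, and the consolidated log is ordered by those stamps rather than by wall-clock time. Device names, messages, addresses and the clock skew are all constructed for the illustration.

```python
"""Consolidating log records from unsynchronized sources with Lamport clocks."""
from dataclasses import dataclass, field


@dataclass
class LogRecord:
    source: str       # constructed device name
    wall_clock: int   # the device's own (unsynchronized) clock, in seconds
    lamport: int      # logical timestamp assigned when the event happened
    message: str


@dataclass
class Source:
    """A log-producing device that maintains its own Lamport counter."""
    name: str
    skew: int                  # constructed offset of this device's wall clock
    clock: int = 0
    records: list = field(default_factory=list)

    def local_event(self, wall, message):
        self.clock += 1        # Lamport rule: tick before every local event
        self.records.append(LogRecord(self.name, wall + self.skew, self.clock, message))

    def send(self, wall, message):
        """Log an event whose message is delivered to another device; return its stamp."""
        self.local_event(wall, message)
        return self.clock

    def receive(self, wall, message, sender_clock):
        """Lamport receive rule: clock = max(local, received) + 1."""
        self.clock = max(self.clock, sender_clock) + 1
        self.records.append(LogRecord(self.name, wall + self.skew, self.clock, message))


def consolidate(sources):
    """Merge all records ordered by (Lamport time, source): a cause never appears
    after its effect, whatever the devices' wall clocks say."""
    return sorted((r for s in sources for r in s.records), key=lambda r: (r.lamport, r.source))


def wall_clock_order(sources):
    """Naive merge by wall clock, for comparison (wrong under clock skew)."""
    return sorted((r for s in sources for r in s.records), key=lambda r: r.wall_clock)


def scenario():
    # Constructed scenario: the firewall clock runs 120 s ahead of the IDS clock.
    fw, ids = Source("firewall", skew=120), Source("ids", skew=0)
    fw.local_event(1000, "DROP tcp 198.51.100.7 -> 203.0.113.5:22")
    stamp = fw.send(1001, "alert sent to ids")
    ids.local_event(1001, "probe seen from 198.51.100.7")
    ids.receive(1002, "alert received from firewall", stamp)
    ids.local_event(1003, "block rule pushed")
    return [fw, ids]
```

Events with equal Lamport stamps on different devices are concurrent, so their relative order in the consolidated log (here broken by source name) carries no causal meaning.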
Keywords: Intrusion Detection, Intrusion Detection System, Text Line, Internal Clock, Network Address Translation