Abstract
Event logging and log files play an important role in system and network security. Log files record computer system activities and are used to meet the requirements of reliability, security and accountability applications. Information stored in log files can come from different devices, which are not necessarily clock-synchronized, and entries do not arrive in the same order in which they were generated. Nevertheless, log information has to be coherent in time to be useful. We propose to use Lamport’s logical clocks to place events originated at different sources in a causal relationship. As a result, the administrator will have a general idea of all the events involved in a computer incident. A model implementation is also presented.
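The idea in the abstract, as an added example that is not the paper's model implementation: three log sources with skewed wall clocks stamp their entries with Lamport counters, and the consolidated log is sorted by that counter instead of device time. The source names, clock skews, log lines and the assumption that devices pass a stamp along with each message are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Source:
    """One log-producing device: skewed wall clock plus a Lamport counter."""
    name: str
    skew: float                 # constructed wall-clock error, in seconds
    clock: int = 0
    log: list = field(default_factory=list)

    def _record(self, true_time, msg):
        self.log.append({"src": self.name, "wall": true_time + self.skew,
                         "lc": self.clock, "msg": msg})

    def send(self, true_time, msg):
        self.clock += 1                           # tick before every local event
        self._record(true_time, msg)
        return self.clock                         # stamp carried with the message

    def receive(self, true_time, msg, stamp):
        self.clock = max(self.clock, stamp) + 1   # move past the sender's stamp
        self._record(true_time, msg)
        return self.clock

def consolidate(sources, key):
    """Merge all logs; key is 'wall' (device time) or 'lc' (Lamport time)."""
    merged = [e for s in sources for e in s.log]
    merged.sort(key=lambda e: (e[key], e["src"]))  # source name breaks ties
    return [f"{e['src']}: {e['msg']}" for e in merged]

def build_incident():
    """Constructed incident: firewall clock runs 5 s fast, IDS 3 s slow."""
    fw, ids, web = Source("fw", +5.0), Source("ids", -3.0), Source("web", 0.0)
    s1 = fw.send(100.0, "ACCEPT 203.0.113.7 -> 10.0.0.5:80")
    ids.receive(100.2, "ALERT suspicious request from 203.0.113.7", s1)
    s2 = ids.send(100.3, "NOTIFY web: block 203.0.113.7")
    web.receive(100.5, "BLOCK session from 203.0.113.7", s2)
    return [fw, ids, web]

if __name__ == "__main__":
    sources = build_incident()
    for key in ("wall", "lc"):
        print(f"-- sorted by {key} --", *consolidate(sources, key), sep="\n")
```

Sorting by device time puts the IDS alert before the firewall accept that caused it; sorting by the Lamport counter restores the causal chain.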
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gómez, R., Herrerias, J., Mata, E. (2006). Using Lamport’s Logical Clocks to Consolidate Log Files from Different Sources. In: Bui, A., Bui, M., Böhme, T., Unger, H. (eds) Innovative Internet Community Systems. IICS 2005. Lecture Notes in Computer Science, vol 3908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11749776_11
DOI: https://doi.org/10.1007/11749776_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33973-1
Online ISBN: 978-3-540-33974-8
eBook Packages: Computer Science, Computer Science (R0)