
Using Lamport’s Logical Clocks to Consolidate Log Files from Different Sources

  • Conference paper
Innovative Internet Community Systems (IICS 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3908)

Abstract

Event logging and log files play an important role in system and network security. Log files record computer system activities and are used to meet the requirements of reliability, security and accountability applications. Information stored in log files can be obtained from different devices, not necessarily clock-synchronized, and the records do not arrive in the same order in which they are generated. Nevertheless, log information has to be coherent in time to be useful. We propose to use Lamport’s logical clocks to place events that originate at different sources in a causal relationship. As a result, the administrator will have a general idea of all the events involved in a computer incident. A model implementation is also presented.
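The following is an added illustration of the idea in the abstract, not the paper's model implementation: three log sources with skewed wall clocks stamp their records with Lamport logical clocks, and a collector that receives the records out of order recovers the causal sequence. The `Source` class, the record fields, and the assumption that each device piggybacks its stamp on the messages it sends to the next device are hypothetical; all log data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Source:
    """Hypothetical logging device: a wrong wall clock plus a Lamport counter."""
    name: str
    skew: int                      # constructed wall-clock error, in seconds
    clock: int = 0                 # Lamport logical clock
    log: list = field(default_factory=list)

    def _record(self, true_time, msg):
        self.log.append({"lc": self.clock, "src": self.name,
                         "wall": true_time + self.skew, "msg": msg})

    def local_event(self, true_time, msg):
        self.clock += 1            # rule 1: tick before every local event
        self._record(true_time, msg)

    def send(self, true_time, msg):
        self.clock += 1            # sending is an event; the stamp travels with the message
        self._record(true_time, msg)
        return self.clock

    def receive(self, true_time, stamp, msg):
        self.clock = max(self.clock, stamp) + 1   # rule 2: jump past the sender's stamp
        self._record(true_time, msg)


def consolidate(records):
    """Total order: logical clock first, source name as the tie-breaker."""
    return sorted(records, key=lambda r: (r["lc"], r["src"]))


def build_sample():
    """Constructed incident: firewall -> IDS -> web server, with skewed wall clocks."""
    fw, ids, web = Source("fw", skew=120), Source("ids", skew=-90), Source("web", skew=0)
    s1 = fw.send(100, "accept tcp/443 from client, forward to ids")
    ids.receive(101, s1, "inspect flow from fw")
    s2 = ids.send(102, "alert: suspicious request, notify web")
    web.receive(103, s2, "request flagged by ids")
    web.local_event(104, "return 403 to client")
    # Records reach the collector out of order: web first, then ids, then fw.
    return web.log + ids.log + fw.log


if __name__ == "__main__":
    for r in consolidate(build_sample()):
        print(r["lc"], r["src"], r["wall"], r["msg"])
```

Sorting the same records by the `wall` field would place the firewall's accept after the web server's response. The Lamport order is consistent with causality, but events that are causally unrelated are ordered only by the arbitrary tie-breaker.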

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gómez, R., Herrerias, J., Mata, E. (2006). Using Lamport’s Logical Clocks to Consolidate Log Files from Different Sources. In: Bui, A., Bui, M., Böhme, T., Unger, H. (eds) Innovative Internet Community Systems. IICS 2005. Lecture Notes in Computer Science, vol 3908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11749776_11

  • DOI: https://doi.org/10.1007/11749776_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33973-1

  • Online ISBN: 978-3-540-33974-8

  • eBook Packages: Computer Science, Computer Science (R0)
