{"id":232,"date":"2007-09-14T22:34:19","date_gmt":"2007-09-14T22:34:19","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=232"},"modified":"2020-07-02T22:34:48","modified_gmt":"2020-07-02T22:34:48","slug":"how-to-create-a-log-standard","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2007\/09\/how-to-create-a-log-standard\/","title":{"rendered":"How to create a log standard"},"content":{"rendered":"\n<ol><li>Get the marketing team together for a clever name.<\/li><li>Copy and paste Microsoft\u2019s IIS W3C log format.<\/li><li>Write a press release and tell the world about it.<\/li><\/ol>\n\n\n\n<p>I am not joking, but&nbsp;<a href=\"http:\/\/www.openlogformat.org\/\">eIQnetworks<\/a>&nbsp;released their&nbsp;<em>Open Source Event Logging Standard<\/em>&nbsp;which fits my description above exactly. First, they call it \u201cOpen Source\u201d. Do they know what open source means? Which OSI-approved license did they use? Second, why require a registration to download it? What are they going to do with the information provided? Is it open or not? Lastly, their format is an ugly copy and paste of the Microsoft one. 
Look at their proposed header:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#Software: eIQ Open Log Format (OLF)<br>#Version: 1.1<br>#Date: 02-18-2007 12:14:25 300<br>#Fields: date time gmt-offset internalIP externalIP virtualdevice..<\/p><\/blockquote>\n\n\n\n<p>Look at Microsoft\u2019s:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#Software: Microsoft Internet Information Services 5.1<br>#Version: 1.0<br>#Date: 2006-10-09 02:11:51<br>#Fields: date time c-ip cs-username s-sitename s-computername<\/p><\/blockquote>\n\n\n\n<p>I will refrain from commenting further, but you can take a look at it:&nbsp;<a href=\"http:\/\/www.openlogformat.org\/\">Open Log Format<\/a>.<\/p>\n\n\n\n<p><strong>Update 1:<\/strong> Anton Chuvakin and Raffael Marty reviewed their \u201cstandard\u201d:&nbsp;<a href=\"http:\/\/chuvakin.blogspot.com\/2007\/09\/cook-your-own-log-standard-in-30.html\">chuvakin.blogspot<\/a>&nbsp;and&nbsp;<a href=\"http:\/\/raffy.ch\/blog\/2007\/09\/14\/open-log-format-what-a-great-standard-not\">raffy.ch<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Get the marketing team together for a clever name. Copy and paste Microsoft\u2019s IIS W3C log format Write a press release and tell the world about it I am not joking, but&nbsp;eIQnetworks&nbsp;released their&nbsp;Open Source Event Logging Standard&nbsp;which fits my description above exactly. First, they call it \u201cOpen Source\u201d. 
Do they know what open source [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/232"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=232"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/232\/revisions"}],"predecessor-version":[{"id":233,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/232\/revisions\/233"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}