You Can't Correlate What You Don't Have
Speakers: Scott Carlson, Strategic Projects Architect, Apollo Group and Mark Ulmer, Senior Systems Engineer, Apollo Group
This session will discuss obtaining real-time events from servers and network devices using syslog, SNARE, and other logging functionality. Scenarios will be presented that address the need to double-send logs to multiple ArcSight ESM instances in alternate data centers, and how to develop an effective strategy prior to deployment. An understanding of Unix/Windows event handling and syslog will be helpful in getting the most out of this session.