CSN08: You Can't Correlate What You Don't Have

Document created by beleslie on Aug 29, 2011. Last modified by beleslie on Jul 8, 2014.
Version 5

You Can't Correlate What You Don't Have
Scott Carlson, Strategic Projects Architect, Apollo Group and Mark Ulmer, Senior Systems Engineer, Apollo Group

This session will discuss obtaining real-time events from servers and network devices using syslog, SNARE, and other logging functionality. Scenarios will be presented that address the need to double-send logs to multiple ArcSight ESM instances in alternate data centers, and how to develop an effective strategy prior to deployment. An understanding of Unix/Windows event handling and syslog will be helpful in getting the most out of this session.