CSN08: You Can't Correlate What You Don't Have

Document created by beleslie on Aug 29, 2011. Last modified by beleslie on Jul 8, 2014.
Version 5

Speakers:
Scott Carlson, Strategic Projects Architect, Apollo Group and Mark Ulmer, Senior Systems Engineer, Apollo Group

This session will discuss obtaining real-time events from servers and network devices using syslog, SNARE, and other logging functionality. Scenarios will be presented that address the need to double-send logs to multiple ArcSight ESM instances in alternate data centers, and how to develop an effective strategy prior to deployment. An understanding of Unix/Windows event handling and syslog will be helpful in getting the most out of this session.

 

 
