You Can't Correlate What You Don't Have
Speakers: Scott Carlson, Strategic Projects Architect, Apollo Group, and Rick Yetter, Systems Administrator, Apollo Group
This session will discuss obtaining real-time events from servers and network devices using syslog, SNARE, and other logging functionality. Scenarios will be presented that address the need to double-send logs to multiple ArcSight ESM instances in alternate data centers, and how to develop an effective strategy prior to deployment. An understanding of Unix/Windows event handling and syslog will be helpful in getting the most out of this session.