CSN08: You Can't Correlate What You Don't Have

Document created by beleslie on Apr 9, 2012. Last modified by beleslie on Jul 8, 2014.
Version 3

Scott Carlson, Strategic Projects Architect, Apollo Group, and Rick Yetter, Systems Administrator, Apollo Group

This session will discuss obtaining real-time events from servers and network devices using syslog, SNARE, and other logging functionality. Scenarios will be presented that address the need to double-send logs to multiple ArcSight ESM instances in alternate data centers, and how to develop an effective strategy prior to deployment. An understanding of Unix/Windows event handling and syslog will be helpful in getting the most out of this session.