Using lamport's logical clocks to consolidate log files from different sources

Authors:
Roberto Gómez;Jorge Herrerias;Erika Mata
Affiliations:
ITESM-CEM, Depto. Ciencias Computacionales, Atizapan Zaragoza, Edo México, Mexico;ITESM-CEM, Depto. Ciencias Computacionales, Atizapan Zaragoza, Edo México, Mexico;ITESM-CEM, Depto. Ciencias Computacionales, Atizapan Zaragoza, Edo México, Mexico
Venue:
IICS'05 Proceedings of the 5th international conference on Innovative Internet Community Systems
Year:
2005

Citing 3
Cited 0

Log files: an extended file service exploiting write-once storage

SOSP '87 Proceedings of the eleventh ACM Symposium on Operating systems principles
Time, clocks, and the ordering of events in a distributed system

Communications of the ACM
An example of communication between security tools: iptables - snort

ACM SIGOPS Operating Systems Review

Quantified Score

Hi-index	0.00

Visualization

Abstract

Event logging and log files are playing an important role in system and network security. Log files record computer system activities, are used to provide requirements of reliability, security and accountability applications. Information stored in log files can be obtained from different devices, not necessarily clock synchronized, and they do not arrive in the same order they are generated. Nevertheless, log information has to be coherent in time to be useful. To support the events we propose to use Lamport's logic clocks, originated at different sources, in a causal relationship. As a result the administrator will count all the events involved general idea in a computer incident. A model implementation is also presented.