I would like to create log messages that would be used for log analysis using Splunk, such as checking for the occurrence of Denial of Service attacks. What would be the best logging practices for that, as in, what is the most important information that I should be displaying in the log messages?
asked 19 Apr '12, 19:24
This is a good place for getting started:
In addition, naming fields according to the CIM (Common Information Model) would be a good idea:
answered 19 Apr '12, 23:00
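As an added illustration (not part of the original answer or of Splunk's own material), this sketch writes one timestamped key=value event per line and renames an application's fields to CIM Network Traffic field names. The application-side names on the left of `CIM_ALIASES`, the sample event, and the quoting rules are assumptions made for the example.

```python
from datetime import datetime, timezone

# Left: hypothetical application names. Right: CIM Network Traffic field names.
CIM_ALIASES = {
    "client_ip": "src", "client_port": "src_port",
    "server_ip": "dest", "server_port": "dest_port",
    "protocol": "transport", "verdict": "action",
    "request_bytes": "bytes_in",
}
CIM_FIELDS = set(CIM_ALIASES.values()) | {"bytes_out", "dvc", "user", "app"}


def _quote(value):
    """Keep one event on one line; quote anything that could split a field."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    text = text.replace("\r", "\\r").replace("\n", "\\n")
    if text == "" or any(c in text for c in ' =,"\\'):
        return f'"{text}"'
    return text


def format_event(raw, when):
    """Return a timestamped key=value line that uses CIM field names only."""
    event = {}
    for name, value in raw.items():
        cim_name = CIM_ALIASES.get(name, name)
        if cim_name not in CIM_FIELDS:
            raise ValueError(f"no CIM field chosen for {name!r}")
        event[cim_name] = value
    pairs = " ".join(f"{k}={_quote(v)}" for k, v in event.items())
    return f"{when.isoformat()} {pairs}"


# Constructed sample: one rejected connection from a documentation-range address.
SAMPLE = {
    "client_ip": "203.0.113.7", "client_port": 51234,
    "server_ip": "192.0.2.10", "server_port": 80,
    "protocol": "tcp", "verdict": "blocked", "request_bytes": 0,
    "app": "shop frontend\nsrc=10.0.0.1",  # value containing a newline and '='
}

if __name__ == "__main__":
    print(format_event(SAMPLE, datetime(2012, 4, 19, 23, 0, tzinfo=timezone.utc)))
```

With every source emitting the same `src`, `dest` and `action` names, a single search can count events per source address across all of them, and the escaping keeps a client-supplied value from adding a line or a forged field to the log.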