By: Lawrence Dietz, Research Director, Sageza Group, Inc. Published: 19th October 2007. Copyright Sageza Group, Inc. © 2007
eIQnetworks, Inc. has announced Open Log Format, the industry's first open source event-logging standard. Unlike proprietary standards, the multi-vendor-supported OLF promotes interoperability that enables organizations to more easily manage and understand the log data collected from network devices, systems, and applications. OLF does not require certification and is available for any vendor or organization to adopt at no cost. A number of vendors, including Astaro, Clavister, Cyberoam, iPolicy Networks, Secure Computing, and Top Layer Networks, have pledged support for the OLF standard. OLF is available for immediate download at http://www.openlogformat.org/.
OLF provides a fully extensible open source event-logging standard across all devices, systems, and applications that vendors can adopt to support logging requirements. Vendors and end users can also add log details to showcase specific solution functionality. eIQnetworks promotes the ability of OLF to alleviate concerns around log-format compatibility with existing SIM technologies, and to obviate the need to create custom connectors to integrate and interpret vendor-specific logs, as is the case with proprietary log formats.
Evolving security challenges, coupled with compliance and regulatory mandates, have made it essential for organizations to collect, monitor, and analyze log data across the enterprise. Unfortunately, each device, system, and application uses a unique and proprietary format, making it almost impossible to decipher log data. OLF offers the industry an alternative that eases the log collection and management process. Event logging is essentially the plumbing of Security Information Management. A Holy Grail of sorts has always been the ability to perform correlation analysis across the variety of sensors and devices that accumulate log data. Larger software vendors in particular have tried to implement management suites that help to make sense of the mounds and mounds of data that are thrown off by security devices in particular. Analysis of complex, heterogeneous data is a nightmare, and we are strong believers in the need for standardization of event data to facilitate analysis and information sharing.
As the nature of attacks and threats continues to morph, adapt, and accelerate in variety, defenders will have to be equally cagey in minimizing their vulnerability to attack. A standard also has the potential of significantly reducing the cost of analysis by minimizing the need for expensive proprietary connectors for vendor-specific logs. We applaud the efforts of eIQnetworks and hope that larger, more entrenched vendors will adopt such standards to benefit the industry as a whole.
Published by: IT Analysis Communications Ltd.