Educause Security Discussion mailing list archives

Event 'consolidation' (or not)


From: Mark Poepping <poepping () CMU EDU>
Date: Tue, 25 Apr 2006 17:55:42 -0400


EDDY is another effort related to this space:
  http://www.cmu.edu/eddy
  http://middleware.internet2.edu/e2ed

It was designed to apply to any logging use and is being created
specifically to normalize and manage the orchestration of whatever events
you have: application log files, IDS alerts, network flow data, etc.  In
this way, it essentially provides a platform and infrastructure to bring
events together as you want to create whatever analytics you need
(accounting, correlation, visualization, diagnostics, etc.).

The important points are:
 . there is a beta java framework that you can download now to begin
experiments if you like.  While it's still early in the development cycle,
you can download a working version, and since we'd started with argus flow
record rates, this release can handle over 5K events/sec.
 . at this point, EDDY is more technology than product: as an open-source
distro in beta form, it's not turnkey, but the capabilities and generality
extend far beyond anything currently in product.
 . there are few analytic methods included in this release, but once you
have a common data representation, it will be easier to write better, more
extensible analytics and bring wider data sources to them.
 . "orchestration" is a very important point here - EDDY allows for some
very creative options for moving data around, holding it, storing it, or
throwing it away...
 . there is much more information, presentations, etc available at the web
site, and I encourage you to check it out.  There are the usual mailing
lists and contact info there too, and we welcome your input.

Mark Poepping
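As an added illustration of the "common data representation" point in the post, the following is hypothetical Python written for this archive page; it is not EDDY's code (EDDY is the Java framework at the URLs above) and does not use its API. It folds three constructed sample lines (an sshd syslog line, a Snort-style IDS alert, and a comma-separated flow record) into one event schema, keeps anything it cannot parse rather than dropping it silently, and then runs a single correlation that only needs to know that one schema: which source hosts show up in more than one feed. The field names, the 0..3 severity scale, and the sample inputs are all assumptions made for the example.

```python
"""Toy event normalizer: heterogeneous log/IDS/flow records -> one common Event
record, so analytics need to understand only one schema.
Hypothetical code for this page; not EDDY's framework. Sample lines are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    ts: str                 # timestamp exactly as the source gave it (no tz handling here)
    source: str             # feed that produced the record: syslog | ids | flow
    src_ip: str
    dst_ip: Optional[str]
    kind: str               # normalized event class
    severity: int           # assumed common scale: 0 (info) .. 3 (high)
    raw: str                # original line, kept for forensics


# Constructed sample inputs, one line per source format, plus one junk line.
SAMPLE_LINES = [
    "2006-04-25T17:55:42 host1 sshd[2231]: Failed password for root from 10.0.0.5 port 4412 ssh2",
    "2006-04-25T17:55:43 [1:2001219:3] ET SCAN SSH BruteForce [Priority: 2] {TCP} 10.0.0.5:4412 -> 10.0.1.8:22",
    "2006-04-25T17:55:44,tcp,10.0.0.5,4413,10.0.1.8,22,FIN,14,1530",
    "this line is not in any known format",
]

_SYSLOG = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for \S+ from (?P<src>\S+) port \d+")
_IDS = re.compile(
    r"^(?P<ts>\S+) \[[\d:]+\] (?P<msg>.+?) \[Priority: (?P<prio>\d)\] \{\w+\} "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")


def parse_syslog(line: str) -> Optional[Event]:
    m = _SYSLOG.match(line)
    if not m:
        return None
    return Event(m["ts"], "syslog", m["src"], None, "auth_failure", 1, line)


def parse_ids(line: str) -> Optional[Event]:
    m = _IDS.match(line)
    if not m:
        return None
    # Snort-style priority: 1 is most severe; fold it into the common 0..3 scale.
    sev = {1: 3, 2: 2, 3: 1}.get(int(m["prio"]), 0)
    return Event(m["ts"], "ids", m["src"], m["dst"], "ids:" + m["msg"], sev, line)


def parse_flow(line: str) -> Optional[Event]:
    # Assumed 9-column CSV: ts,proto,src,sport,dst,dport,state,pkts,bytes
    f = line.split(",")
    if len(f) != 9:
        return None
    ts, proto, src, _sport, dst, _dport, _state, _pkts, _bytes = f
    return Event(ts, "flow", src, dst, "flow:" + proto, 0, line)


PARSERS = (parse_syslog, parse_ids, parse_flow)


def normalize(line: str) -> Optional[Event]:
    """Try each parser in turn; None means no parser recognised the line."""
    for parser in PARSERS:
        ev = parser(line.strip())
        if ev is not None:
            return ev
    return None


def normalize_all(lines) -> Tuple[List[Event], List[str]]:
    """Return (events, unparsed); unparsed lines are kept so nothing vanishes silently."""
    events, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed


def hosts_seen_in(events, min_sources: int = 2):
    """Correlation written against the common schema only: source IPs that
    appear in at least min_sources distinct feeds, with the feeds listed."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev.src_ip].add(ev.source)
    return {ip: sorted(srcs) for ip, srcs in seen.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    evs, bad = normalize_all(SAMPLE_LINES)
    for ev in evs:
        print(ev.ts, ev.source, ev.src_ip, ev.kind, ev.severity)
    print("unparsed:", bad)
    print("seen in multiple feeds:", hosts_seen_in(evs))
```

The point of the shape is the one the post makes: each parser is small and source-specific, while `hosts_seen_in` knows nothing about syslog, Snort or flow formats, so adding a fourth feed means adding one parser and leaving the analytic untouched.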
