Hopefully, tomorrow will be a brand-new start.
http://scnblogs.techweb.com.cn/shanglingjui/archives/tag/%E5%86%85%E5%AD%98%E8%AE%A1%E7%AE%97
http://searchsecurity.techtarget.com/definition/security-information-management-SIM
http://www.arcsight.com/products/products-logger/
http://en.wikipedia.org/wiki/Log_analysis
http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=36
http://java.chinaitlab.com/advance/761308.html
http://raffy.ch/blog/2007/08/25/event-processing-normalization/
http://blog.gerhards.net/2010/02/syslog-normalization.html
http://blog.rootshell.be/2007/07/30/events-centralization-the-normalization-problem/
http://www.monitorware.com/en/logsamples/
http://thirdeye.deterlab.net/trac/browser#trunk/SAF/plugins/asciiplugins
http://thirdeye.deterlab.net/trac
http://blog.spoofed.org/2007/11/event-correlation-on-budget.html
http://yepeng.blog.51cto.com/3101105/571113
http://eromang.zataz.com/2011/09/11/arcsight-logger-file-receiver-configuration/