ABSTRACT
In addition to traditional security devices such as firewalls and intrusion detection systems, most systems
on a typical network are capable of generating security events. Examples of security events include
authentication events, audit events, intrusion events, and anti-virus events. These events are usually
stored in operating system logs, security logs, or database tables.