guest post — Brian Singer, security solutions marketing manager, Identity & Security, Novell
Recently, a privately held log management vendor, LogLogic, announced that they were interested in having their proprietary log transportation and storage protocol become an industry standard. This is clearly a self-serving power grab with very little substance behind it. LogLogic is doing nothing more than taking a proprietary protocol they have created and attempting to co-opt industry attention by claiming they are making it an open standard.
Novell welcomes open standards and has a long history of working with other vendors to create and support open standards. Standards are not created overnight, and take a lot more than a creative acronym to pull off. Developing an open standard requires buy-in from other industry players with significant market share. Last I checked, LogLogic was not exactly the market leader in SIEM. Perhaps they are thinking their standard is such a feat of engineering that other SIEM vendors will clamor to adopt it? Not likely, as the other large players in the SIEM industry have invested significant sums in optimizing their log collection and storage protocols for their particular architectures. Any amount of re-architecting around the LogLogic protocol would take years and give LogLogic such an advantage that no vendor in their right mind would pursue it.
The fact is, true industry standards exist or are already being worked on. Syslog has been around for a long time, for all its perceived faults. There are two emerging efforts – XDAS by The Open Group and CEE by MITRE – that are working hard to create cross-platform, cloud-interoperable standards that have a real chance of being adopted by the entire industry. Novell is directly involved in both efforts. Both of these are true, non-proprietary, open standards that address forward-looking challenges. If LogLogic were truly serious about working with the vendor community to create a real open standard, they would contribute to these projects rather than simply trying to spin their own proprietary standard into an open standard.