@techreport{oai:ipsj.ixsq.nii.ac.jp:00197582,
 author = {Motoyuki, Ohmori and Motoyuki, Ohmori},
 issue = {1},
 month = {Jun},
 note = {Computer security has been getting more attentions because a computer security incident may cause great damage on an organization. In order to quickly and properly detect and /or handle a computer security incident, ones may need store logging messages of network equipment and servers as many as possible. These logging messages then require a large size of storage while these logging messages are not so useful during daily normal operations. It is then better to minimize sizes of logging files as much as possible. On the other hand, ones may need to retrieve a specific logging message on a computer security incident, and its retrieval time should be shorter as much as possible. It is then necessary to solve this dilemma between a smaller storage size and shorter retrieval time. To this end, this paper proposes a new logging system dedicated for a computer security incident response. The proposed logging system is designed based upon natures of logging messages which are required for a computer security incident response. This paper firstly tries to find features of logging messages for a computer security incident response. For example, newer logging messages should be retrieved shorter than older logging messages, and all logging messages are in time series. This paper also tries to design a new logging system architecture dedicated for a computer security incident response while logging messages in todays' logging systems are stored in generic database like RDBMS or in text files consisting of raw syslog messages., Computer security has been getting more attentions because a computer security incident may cause great damage on an organization. In order to quickly and properly detect and S/or handle a computer security incident, ones may need store logging messages of network equipment and servers as many as possible. These logging messages then require a large size of storage while these logging messages are not so useful during daily normal operations. It is then better to minimize sizes of logging files as much as possible. On the other hand, ones may need to retrieve a specific logging message on a computer security incident, and its retrieval time should be shorter as much as possible. It is then necessary to solve this dilemma between a smaller storage size and shorter retrieval time. To this end, this paper proposes a new logging system dedicated for a computer security incident response. The proposed logging system is designed based upon natures of logging messages which are required for a computer security incident response. This paper firstly tries to find features of logging messages for a computer security incident response. For example, newer logging messages should be retrieved shorter than older logging messages, and all logging messages are in time series. This paper also tries to design a new logging system architecture dedicated for a computer security incident response while logging messages in todays' logging systems are stored in generic database like RDBMS or in text files consisting of raw syslog messages.},
 title = {A Design of a Logging System for a Computer Security Incident Response},
 year = {2019}
}