Event Correlation Language Reference

LogLogic Event Correlation Language (ECL) is effective at finding patterns in a given set of logs.

ECL can describe searches that are a bit too complex for regular EQL, especially when several types of events need to be joined. Rules written in ECL can be used for advanced forensic searches and for real-time alerting.