
Feature #125

log to syslog as well

Added by about 13 years ago. Updated almost 10 years ago.

Status: Closed
Priority: Normal
Target version:
Start date:
Due date:
% Done: 0%
Resolution: invalid

Description

If syslog output was provided, alerts could be processed through SEC (simple event correlator) with no effort. This would allow for very powerful processing of alerts.

Otherwise, basic SEC rules should be provided for the XML log format.

History

#1 Updated by about 13 years ago

  • Status changed from New to Closed
  • Resolution set to invalid

I don't think that adding syslog output for this one purpose would be worthwhile.
However, after looking over the SEC information at http://kodu.neti.ee/~risto/sec/, I'm intrigued by the idea of using SEC to provide correlation capabilities to Prelude, so I'll explore using it in conjunction with the XML output, then see what I can do about getting it fed back into Prelude-Manager.

#2 Updated by Yoann VANDOORSELAERE about 13 years ago

Moreover, the generated syslog line would end up being very long due to the number of available IDMEF fields, which would break one of the syslog requirements: that a line should be no longer than 1024 characters.

#3 Updated by Yoann VANDOORSELAERE almost 10 years ago

  • Project changed from PRELUDE SIEM to Prelude Manager
  • Category deleted (3)
  • Target version deleted (0.9.2)
