log to syslog as well
If syslog output were provided, alerts could be processed through SEC (simple event correlator) with no effort. This would allow for very powerful processing of alerts.
Otherwise, basic SEC rules should be provided for the XML log format.
#1 Updated by over 17 years ago
- Status changed from New to Closed
- Resolution set to invalid
I don't think that adding syslog output for this one purpose would be worthwhile.
However, after looking over the SEC information at http://kodu.neti.ee/~risto/sec/, I'm intrigued by the idea of using SEC to provide correlation capabilities to Prelude, so I'll explore using it in conjunction with the XML output, then see what I can do about getting it fed back into Prelude-Manager.
#2 Updated by Yoann VANDOORSELAERE over 17 years ago
Moreover, the generated syslog line would end up being very long due to the number of available IDMEF fields, which would break one of the syslog requirements, that a line should be no longer than 1024 characters.
#3 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to Prelude Manager
- Category deleted
- Target version deleted