log to syslog as well
If syslog output were provided, alerts could be processed through SEC (simple event correlator) with no effort. This would allow for very powerful processing of alerts.
Otherwise, basic SEC rules should be provided for the XML log format.
#1 Updated by about 13 years ago
- Status changed from New to Closed
- Resolution set to invalid
I don't think that adding syslog output for this one purpose would be worthwhile.
However, after looking over the SEC information at http://kodu.neti.ee/~risto/sec/, I'm intrigued by the idea of using SEC to provide correlation capabilities to Prelude, so I'll explore using it in conjunction with the XML output, then see what I can do about getting it fed back into Prelude-Manager.