[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-dev] Re: "Time Honored" Config and Converter
- To: ossec-dev@xxxxxxxxxxxxxxxx
- Subject: [ossec-dev] Re: "Time Honored" Config and Converter
- From: "Daniel Cid" <dcid@xxxxxxxxx>
- Date: Tue, 22 Aug 2006 22:45:12 -0300
- Content-disposition: inline
- Content-transfer-encoding: 7bit
Inline..
What's the URL? http://www.ossec.net/bugzilla redirects to
http://www.ossec.net/en/bugzilla (which is actually the same content as
the "Home" page) and http://bugzilla.ossec.net doesn't exist.
Sorry. It is at http://www.ossec.net/bugs/
Like I said in my reply to the guy in the other list, I think XML makes
sense for the rules. But, if I may ask, why the config file? Just
keeping everything unified?
There is a valid reason. XML is meant to make the configuration easy to
parse complex options. For example, you may have multiple "remoted"
options or multiple active response commands/actions and it is hard to
express that in a clean way with just a single line options.
For example (listening for secure connections on 1514, 1515, syslog on 514
and 515 and syslog tcp one 514).:
<remote>
<connection>secure</connection>
<port>1514</port>
</remote>
<remote>
<connection>syslog</connection>
<port>514</port>
<protocol>tcp</protocol>
</remote>
<remote>
<connection>syslog</connection>
<port>514</port>
<protocol>udp</protocol>
</remote>
<remote>
<connection>syslog</connection>
<port>515</port>
<protocol>udp</protocol>
</remote>
<remote>
<connection>secure</connection>
<port>1515</port>
</remote>
Putting that in single lines is not simple. Same applies for other options with
multi-values...
--
Daniel B. Cid
dcid ( at ) ossec.net
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.