[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-dev] "Time Honored" Config and Converter

To: ossec-dev@xxxxxxxxxxxxxxxx
Subject: [ossec-dev] "Time Honored" Config and Converter
From: gentuxx <gentuxx@xxxxxxxxx>
Date: Tue, 22 Aug 2006 19:48:07 -0700
Content-transfer-encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Cid wrote:
> 
> Inline..
>

A given for me.  ;-)  I've been on too many mailing lists, especially
*nix related ones, for far too long to top-post any more.

> 
>> What's the URL?  http://www.ossec.net/bugzilla redirects to
>> http://www.ossec.net/en/bugzilla (which is actually the same content as
>> the "Home" page) and http://bugzilla.ossec.net doesn't exist.
> 
> Sorry. It is at http://www.ossec.net/bugs/
> 

Found it.  I actually saw it when you referenced the bug RE: syscheckd
automatically ignoring after 3rd change.

> 
> 
>> Like I said in my reply to the guy in the other list, I think XML makes
>> sense for the rules.  But, if I may ask, why the config file?  Just
>> keeping everything unified?
> 
> 
> There is a valid reason. XML is meant to make the configuration easy to
> parse complex options. For example, you may have multiple "remoted"
> options or multiple active response commands/actions and it is hard to
> express that in a clean way with just a single line options.
> For example (listening for secure connections on 1514, 1515, syslog on 514
> and 515 and syslog tcp one 514).:
> 

[ ... snip config examples ... ]

> 
> Putting that in single lines is not simple. Same applies for other
> options with
> multi-values...

Makes sense.  I faced that when writing the converter.

> 
> 
> -- 
> Daniel B. Cid
> dcid ( at ) ossec.net
> 

I don't know if there's a "legitimate" reason the wiki and/or bugzilla
don't have links from the main page, or if there just hasn't been
time/priority to do it.  I've been doing "basic" web development for
about 8 years, I'd be happy to help keep the site up to date, if there's
a need.

"basic" web dev = (X)?HTML/CSS/some PHP/some perl-CGI (nothing fancy).
My personal home page:  http://gensec.no-ip.org

- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE68HnTPA54hjTSp4RAnS0AJ476MjRgRhTwYf1aIwxur+0YTgtHwCdEmyc
JmgiXYhVhKdaJOfr1+6YWWM=
=+XWN
-----END PGP SIGNATURE-----

References:
- [ossec-dev] "Time Honored" Config and Converter
  - From: gentuxx
- [ossec-dev] Re: "Time Honored" Config and Converter
  - From: Daniel Cid
- [ossec-dev] "Time Honored" Config and Converter
  - From: gentuxx
- [ossec-dev] Re: "Time Honored" Config and Converter
  - From: Daniel Cid

Prev by Date: [ossec-dev] Re: "Time Honored" Config and Converter
Next by Date: [ossec-dev] 2 PERL ! 2 PERL
Previous by thread: [ossec-dev] Re: "Time Honored" Config and Converter
Next by thread: [ossec-dev] 2 PERL ! 2 PERL
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.