[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-dev] Re: A few feature requests
- To: "Daniel Cid" <dcid@xxxxxxxxx>
- Subject: [ossec-dev] Re: A few feature requests
- From: "Jeff Schroeder" <jeffschroed@xxxxxxxxx>
- Date: Thu, 2 Aug 2007 20:52:09 -0700
- Cc: ossec-dev@xxxxxxxxxxxxxxxx
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=J/eMZEKbDFR2v0jjGRQQ+S5c1eLQniy0xjxC9xB9oFqRPCpiDns8kx28/Raea7hYnLTGTXkx/JZcgJndNWxUd5ORuL12WkmzkeGZLlQqOq/TJG/7QcjJKcDDAdg2G5jV8FxIiFB+31qpEhClpYpM+FLjdHQAQNKcHotlXswRtT8=
I've got a perl tool that does 90% of what I was asking for. It writes
the client.keys and does everything (base 64 encode/decode. I figured
out how it worked with strace and looking at the manage_keys.c code.
Yes, I meant you put in a hostname as the agent name and then it
automaticly looks up the hostname. When you have > 100 hosts, it
doesn't make sense to do it any other way. In C, the function is
gethostbyname(3). I'll release the perl script in a day or so that
writes and reads clients.keys when I'm totally finished.
Since you made the wiki ONLY editable by people that you approve, can
you enable file uploads? That way, we can upload perl scripts or
whatnot that extend the functionality os ossec?
Thanks for the quick response! It doesn't look like it is ready yet,
but in 6 months or so, I think my team will be switching from samhain
/ sec.pl and a custom log processor (anomaly detection based) to
entirely ossec.
Thanks for such an awesome application!
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.