[Mod-security-developers] Implementing IDMEF
From: Vérène H. <ver...@re...> - 2015-03-04 17:07:54
Hello,

We are interested in implementing the IDMEF format in ModSecurity. For those of you who don’t know it yet, IDMEF is a data format defined in RFC 4765. That would mean adding an option to avoid the regular log and, instead, directly send IDMEF alerts to a Prelude manager. We are working on this project in the context of our student’s project.

Is it adequate to add a new module? Do you have any idea/advice/suggestion as to where we can fetch the information? Or do you have some complementary documentation about how the code is organized?

Thank you very much in advance!

Vérène