[Nodebrain-users] RE: project interest
Rule Engine for State and Event Monitoring
Brought to you by:
trettevik
From: Trettevik, Ed A <ed....@bo...> - 2003-03-10 23:34:37
Thank you for the comments. A project request to include a makefile has been entered.

With respect to SSL, it may be a better way to go, especially if major deficiencies are discovered in the NodeBrain encryption code. The current design was selected before deciding to go open source with NodeBrain. At that time, I wanted to have full control and independence. I didn't want to have something larger than needed and possibly more difficult to port to new platforms, or something that might go through revisions that NodeBrain would have to chase. I assumed any approach other than writing it myself would introduce these problems, which may not be correct for SSL implementations. And, after all, NodeBrain is dependent on a C compiler and libraries, so what's another library? I will reconsider this issue if there are security deficiencies in the current method or it makes it less attractive for use by others.

Thanks for bringing up this question.

Ed Trettevik <ea...@no...>

-----Original Message-----
From: Benoit DOLEZ [mailto:bd...@an...]
Sent: Monday, March 10, 2003 1:08 AM
To: nod...@li...
Cc: Trettevik, Ed A
Subject: RE: project interest

Hi,

Thanks for your mail. Your examples will help me in building rules...

About the count of lines, it was a bad example. I have many sorts of data sources:
- syslog files
- virus log files
- host monitoring (delay, up/down, ...)
- ...

And I have to centralize this data for many servers. For the moment, I use echelog, but I have to run my own script to split measures and put them in an rrdtool db, split syslog lines to retrieve the number of emails/day, to look at rejected/accepted/dropped lines in firewall netfilter logs, and more ... For now, I don't know how to do correlation rules with this data.

With a friend, we have defined a language that has many common points with yours. We think it is not a good idea to rebuild a project that exists. So I prefer to test and give you new ideas / patches to put in your project. I do that for the echelog project and I think it works fine.

I do not want to run an undetermined number of processes on the log server, and perl is very heavy on memory and cpu.

I have read all of your doc (very good work), but why are you using your own encryption? Why don't you use SSL with certificates to identify hosts?

I propose to build a Makefile. All your source files are loaded in the nb.c. Is it in your todo list?

Benoit

-- 
Benoit DOLEZ
GSM: +33 6 21 05 91 69
mailto:bd...@an...