Re: [Rman-devel] Re: Automatic response on a per sensor/per rule
From: Mark V. <ma...@ve...> - 2002-09-20 10:32:42
Mike,

On Thursday 19 Sep 2002 11:50, Michael Boman wrote:
> Come to think of one more autoresponder: rule tagging could be considered a
> response if you want to do it selectively based on rule/sensor level...
> Basically this can be used to add options to any rule you want to just change
> for certain sensors...

Probably true - but I need to think about rule tagging and logging a bit more
- anyway creative users can probably think of ways to do it as you suggested.

> There are a few tricks and tips mentioned at
> http://www.lugs.org.sg/downloads/iptables-july-2002.tar.gz

Thanks - I'll have a look.

> > > Anyway, so far I've got this:
>
> CREATE TABLE `rman_responders` (
>   `responder_id` int(11) NOT NULL auto_increment,
>   `name` varchar(255) NOT NULL,
>   `description` blob,
>   PRIMARY KEY (`responder_id`)
> ) TYPE=MyISAM;
>
> CREATE TABLE `rman_responses` (
>   `response_id` int(11) NOT NULL auto_increment,
>   `responder_id` int(11) NOT NULL,
>   `description` varchar(255) NOT NULL, # <- Changed from name
>   `options` blob,
>   PRIMARY KEY (`response_id`, `responder_id`)
> ) TYPE=MyISAM;
>
> CREATE TABLE `rman_rules_response` (
>   `rid` int(11) NOT NULL,
>   `response_id` int(11) NOT NULL,
>   PRIMARY KEY (`rid`,`response_id`)
> ) TYPE=MyISAM;
>
> CREATE TABLE `rman_sensor_responders` (
>   `sid` int(11) NOT NULL,
>   `responder_id` int(11) NOT NULL,
>   PRIMARY KEY (`sid`,`responder_id`)
> ) TYPE=MyISAM;
>
> > > Please gimme some comments on it ;)
> >
> > All looks fine apart from a missing 'p' and the missing auto_increment in
> > rman_responses and extra s ....
>
> As you see now above, that is taken care of.

Looks great - commit the changes to the dbschema and I'll create the diffs for
the db upgrade path.

<snip>

> Javascript is not really my strength... Would be nice with some code ;)

OK - I'll dig it out this afternoon. Just juggling some bandwidth on our
transits at the moment.

> > I already have a small patch for ACID which lists Rman alongside
> > arachNIDS and snortDB - you just click on the RMAN link in the triggered
> > signature and up pops a new window / tab with the rule listed ....
>
> Cool. Send the patch this way?

I'll send it with the Javascript. Time to get web-site writing.

Cheers

Mark

--
Mark Vevers. ma...@if... / ma...@ve...
Principal Internet Engineer, Internet for Learning,
Research Machines Plc. (AS5503)
--
GPG Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB08F3CA3
Fingerprint: 85BA 30C4 9EC8 1792 4C8C C31E 58B5 3D1C B08F 3CA3
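
The following is an added example, not part of the original message or of Rman's code: it loads the four quoted tables into SQLite (column types adapted from MySQL) and resolves which responses apply to one rule on one sensor. The join semantics, the `responses_for` helper and all sample rows are assumptions made for illustration.

```python
import sqlite3

# The four tables from the message, adapted to SQLite types. SQLite cannot
# auto-increment inside a composite key, so response_id is a plain integer here.
SCHEMA = """
CREATE TABLE rman_responders (
  responder_id INTEGER PRIMARY KEY AUTOINCREMENT,
  name TEXT NOT NULL, description BLOB);
CREATE TABLE rman_responses (
  response_id INTEGER NOT NULL, responder_id INTEGER NOT NULL,
  description TEXT NOT NULL, options BLOB,
  PRIMARY KEY (response_id, responder_id));
CREATE TABLE rman_rules_response (
  rid INTEGER NOT NULL, response_id INTEGER NOT NULL,
  PRIMARY KEY (rid, response_id));
CREATE TABLE rman_sensor_responders (
  sid INTEGER NOT NULL, responder_id INTEGER NOT NULL,
  PRIMARY KEY (sid, responder_id));
"""

# Assumed reading of the schema: a response applies to (sensor, rule) only if
# the rule is linked to it AND the sensor has that response's responder enabled.
RESOLVE = """
SELECT rd.name, rs.description, rs.options
FROM rman_rules_response rr
JOIN rman_responses rs ON rs.response_id = rr.response_id
JOIN rman_responders rd ON rd.responder_id = rs.responder_id
JOIN rman_sensor_responders sr ON sr.responder_id = rs.responder_id
WHERE sr.sid = ? AND rr.rid = ?
ORDER BY rs.response_id
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample rows (hypothetical responders, rules and sensors).
    db.executemany("INSERT INTO rman_responders VALUES (?,?,?)",
                   [(1, "iptables-block", None), (2, "mail-alert", None)])
    db.executemany("INSERT INTO rman_responses VALUES (?,?,?,?)",
                   [(10, 1, "drop source for 1h", "ttl=3600"),
                    (11, 2, "mail the NOC", "to=noc@example.org")])
    db.executemany("INSERT INTO rman_rules_response VALUES (?,?)",
                   [(1000, 10), (1000, 11), (2000, 11)])
    db.executemany("INSERT INTO rman_sensor_responders VALUES (?,?)",
                   [(1, 1), (1, 2), (2, 2)])  # sensor 2 has no blocking responder
    return db

def responses_for(db, sid, rid):
    """Return (responder name, response description, options) rows."""
    return db.execute(RESOLVE, (sid, rid)).fetchall()
```

Under this reading, the same rule produces a block plus a mail on sensor 1 but only a mail on sensor 2, which is the per-sensor/per-rule selectivity the thread is after.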