I would like to start a formal BASE 2.x discussion.
Kevin and I have had several talks about where he would like to take BASE 2.x and I think his vision is a good one. I would also like to get everyone else's input so we can find a starting place and well, start.
So, requirements and talking points:
BASE 2.x needs to be built on the same platform as BASE 1.x to continue supporting existing users, with optional "stuff" for those who want optional enhancements.
BASE 2.x must accept all forms of SNORT logging, including Barnyard.
A BASE 1.x or classic view is a requirement.
How to deal with unified logging from SNORT - I think we need to be able to accept unified logging directly from snort.
Other IDS and log sources.
Kevin and I foresee a module-based system where we build the core BASE 2.x program and modules are built to accept input from various sources, format the data, and collect it for BASE.
A new front end.
New features such as correlation and accepting input from multiple devices (see above).
So let's see where we can go with this and find a good starting place. Kevin has created a BASE 2.x folder that we can have people check stuff into. I would like to keep this discussion rolling so we can start making some progress.
Sean Muller CCNP CCDP GAWN
"Do or do not... there is no try." Yoda