List: ossec-dev
Subject: Re: [ossec-dev] split alert by source ip or subnet
From: enricoermanno.dallara () gmail ! com
Date: 2014-10-22 12:18:33
Message-ID: 94a5f8ea-2c7a-4449-9ca7-46170e08ade2 () googlegroups ! com
I did not mean to post 3 times, I had some problem with the browser. Thank
you for the hint on zeromq, I will check it immediately.

On Tuesday, October 21, 2014 2:56:17 PM UTC+2, ddp...@gmail.com wrote:
>
> On Tue, Oct 21, 2014 at 4:41 AM, <enricoerma...@gmail.com> wrote:
> > Hi Guys,
> >
> > I think OSSEC is an awesome product and it works very well. I was wondering
> > if you think to implement the possibility to split the alert based on source
> > IP or subnet. The reason I ask this is because in an integration with
> > splunk, it would be nice to be able to send logs to different indexes at
> > forwarding time, rather than doing it at indexing time, since indexing time is
> > much more demanding in terms of computational power. Additionally, if you
> > consider such a scenario in a multi-tenant environment, it makes life a lot
> > easier, having logs split directly on the OSSEC server and monitoring the
> > different logfiles with a splunk universal forwarder.
> >
> > Is that a feature you might consider to implement?
> >
>
> 3 messages on 2 lists in 6 minutes seems excessive.
>
> > Thank you
> >
> > E.B.
> >