List:       ossec-dev
Subject:    Re: [ossec-dev] split alert by source ip or subnet
From:       enricoermanno.dallara () gmail ! com
Date:       2014-10-22 12:18:33
Message-ID: 94a5f8ea-2c7a-4449-9ca7-46170e08ade2 () googlegroups ! com

I did not mean to post 3 times, I had some problems with the browser. Thank 
you for the hint on zeromq, I will check it immediately.

On Tuesday, October 21, 2014 2:56:17 PM UTC+2, ddp...@gmail.com wrote:
> 
> On Tue, Oct 21, 2014 at 4:41 AM, <enricoerma...@gmail.com> wrote:
> > Hi Guys,
> >
> > I think OSSEC is an awesome product and it works very well. I was wondering
> > if you think to implement the possibility to split the alert based on source
> > IP or subnet. The reason I ask this is because in an integration with
> > Splunk, it would be nice to be able to send logs to different indexes at
> > forwarding time, rather than doing it at indexing time, since indexing time is
> > much more demanding in terms of computational power. Additionally, if you
> > consider such a scenario in a multi-tenant environment, it makes life a lot
> > easier, having logs split directly on the OSSEC server and monitoring the
> > different logfiles with a Splunk universal forwarder.
> > 
> > Is that a feature you might consider to implement? 
> > 
> 
> 3 messages on 2 lists in 6 minutes seems excessive. 
> 
> > Thank you 
> > 
> > E.B. 
> > 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google Groups
> > "ossec-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-dev+...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> 
