'Re: [prelude-user] prelude-manager xmlmod report plugin'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       prelude-user
Subject:    Re: [prelude-user] prelude-manager xmlmod report plugin
From:       "raymond durand" <secalf () gmail ! com>
Date:       2008-10-07 14:20:31
Message-ID: cbc9b11b0810070720v276275i8079c10693b11352 () mail ! gmail ! com
[Download RAW message or body]

Hi Yoann,

Thanks a lot for your answer.

2008/9/30 Yoann Vandoorselaere <yoann.v@prelude-ids.com>

> Hi Raymond,
>
> Le lundi 22 septembre 2008 à 16:44 +0200, raymond durand a écrit :
> > I use the XMLmod report plugin at the prelude-manager level (I use
> > prelude-manager 0.9.14.2).
> > I have made some tests and I found that the output file did not contain
> the
> > XML Prologue with XML version and does not contain the xml name space
> also.
> >
> > I would like that the XML file coming from the xmlmod output plugin begin
> > with a prologue specifying the xml version, so I could be fully
> compliance
> > with RFC 4765:
> >
> > IDMEF documents being exchanged between IDMEF-compliant applications
> >    MUST begin with an XML declaration, and MUST specify the XML version
> >
> >    in use.
> >
> > Could you please tell me if it is possible to specify explicitly the XML
> > version?
> > How?
>
> This is a libprelude bug, that we can not correct immediately because it
> would make some earlier version of Prelude-Manager dump a lot of
> assertion.

Ok.

>
>
> However, I'll try to commit a workaround to the Prelude-Manager xmlmod
> plugin. Could you please try the attached patch in the meantime?
>

I have just tested the patch which is working well.

>
>
> > Could you also please tell me if it is possible to specify explicitly the
> > name space to have an output file using the idmef name space like this
> > (<idmef:) like this extract of an example in RFC 4765
> >
> >    <*idmef*:IDMEF-Message version="1.0"
> >                   xmlns:idmef="http://iana.org/idmef">
> >
> >      <*idmef*:Alert messageid="abc123456789">
> >
> > How could I do that?
>
> Not sure how this could be handled: libxml2 doesn't seem to provide any
> helper for this. If you could get in touch with libxml2 developers so
> that they provide their insight, it might help!
>

I feel uncomfortable in contacting them as I do not know very well how
libxml2 is used.
I wonder if you could contact them or help me asking them?

>
> Regards,
>
> --
> Yoann Vandoorselaere | Responsable R&D / CTO | PreludeIDS Technologies
> Tel: +33 (0)9 50 70 21 58                  Fax: +33(0)9 57 25 21 58
> http://www.prelude-ids.com
>

Best regards,

Raymond
_______________________________________________
Prelude-user site list
Prelude-user@prelude-ids.org
http://lists.prelude-ids.org/mailman/listinfo/prelude-user

[prev in list] [next in list] [prev in thread] [next in thread] 