[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sguil-devel
Subject:    Re: [Sguil-devel] Fwd: Sguil Reports
From:       "SRH-Lists" <giermo () 333tech ! com>
Date:       2006-08-30 14:17:56
Message-ID: 9267DC29CFA95142A742E4445E90CD5549812A () gandalf ! toit ! domain
[Download RAW message or body]

 
> Personally, I never use the built-in reporting feature in the Sguil
> console.  I think that in order to be useful, reports need to be run
> as a batch job on an automatic schedule.  

The reports I included in the console were never intended to be the big
"give me a report of incident over x time" type of reports.  I put them
in initially to look at snap trends (quick report of "who is generating
all that traffic all of a sudden") and sensor tuning (new sensor online,
pick alerts to autocat or disable).  I think that more PHB (ask Bamm)
type reports do not belong in client and would be better served on a web
page or similar.

-steve

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Sguil-devel mailing list
Sguil-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sguil-devel

[prev in list] [next in list] [prev in thread] [next in thread]