Thank you for the comments. A project request to include a makefile has
been entered. With respect to SSL, it may be a better way to go,
especially if major deficiencies are discovered in the NodeBrain
encryption code. The current design was selected before deciding to go
open source with NodeBrain. At that time, I wanted to have full control
and independence. I didn't want to have something larger than needed
and possibly more difficult to port to new platforms, or something
that might go through revisions that NodeBrain would have to chase. I
assumed any approach other than writing it myself would introduce these
problems, which may not be correct for SSL implementations. And, after
all, NodeBrain is dependent on a C compiler and libraries, so what's
another library? I will reconsider this issue if there are security
deficiencies in the current method or it makes it less attractive for
use by others. Thanks for bringing up this question.
Ed Trettevik <ea...@no...>
-----Original Message-----
From: Benoit DOLEZ [mailto:bd...@an...]
Sent: Monday, March 10, 2003 1:08 AM
To: nod...@li...
Cc: Trettevik, Ed A
Subject: RE: project interest
Hi,
Thanks for your mail. Your examples will help me in building rules...
About the count of lines, it was a bad example. I have many sorts of data
sources:
- syslog files
- virus log files
- host monitoring (delay, up/down, ...)
- ...
And I have to centralize these data for many servers. For the moment,
I use echelog but I have to run my own script to split measures and put
them in rrdtool db, split syslog lines to retrieve number of email/days,
to look at rejected/accepted/dropped lines in firewall netfilter logs
and more ...
For now, I don't know how to do correlation rules with these data.
With a friend, we have defined a language that has many common points
with yours. We are thinking this is not a good idea to rebuild a project
that exists. So I prefer to test and give you new ideas / patches to put on
your project. I do that for echelog project and I think it is a work fine.
I do not want to run an undetermined number of processes on the log server
and perl is very heavy for memory and cpu.
I have read all of your doc (very good work), but why are you using your
own encryption, why don't you use SSL with certificates to identify
hosts?
I propose to build a Makefile. All your source files are loaded in the nb.c.
Is it in your todo list?
Benoit
--
Benoit DOLEZ
GSM: +33 6 21 05 91 69 mailto:bd...@an...