* Michael Starks <ossec-l...@michaelstarks.com> [2014-06-18 09:21:05 -0500]:

On 2014-06-18 8:47, Artien Bel wrote:
Again, to be clear: I have no actual objection to this functionality
other than that I feel effort could be better invested in other parts of
OSSEC, because there are already better solutions for reliable log shipping.

Not being a developer I am not fully qualified to comment on this, but I think I can say with confidence that the small step of making the ossec header actually match the syslog format in archives.log would be a trivial effort. There is already code to do this in ossec-csyslogd. Multi-line logs aside, that would allow a local syslog daemon to at least tail the log file and do something with it without putting in some rewrite statements.

It's not small :) It looks like it is far from it.

Making logs reliable, having non-repudiation and such are worthwhile goals,

This is harder still.

but not actual requirements in many environments. Sadly, many organizations struggle with the task of just collecting logs via syslog/UDP, so making them usable and easily archived is the real issue.

Search is something that I don't want to touch with a 10 foot pole, I
will stay as far away from that as possible ;) others can look into it,
but not me ;) -Jeremy Rossi