Rolf,
yes, it is possible to define a certain processing order for
configuration files. Also, you can easily arrange rule files in a
hierarchical manner. In order to accomplish this, you need to create
configuration file sets with Options rules and define the processing
flow with Jump rules.
Please be advised that the SEC tutorial you are referring to is fairly
old and covers version 2.2 of SEC, which does not support many of the
more advanced features. In order to gain insight into Jump and Options
rules, please have a look at the following example in the official
documentation:
Example 2 - hierarchically organized rulesets for iptables and sshd events
(http://simple-evcorr.sourceforge.net/man.html#lbBE)
Also, I'd recommend reading the documentation sections for Options and
Jump rules.
kind regards,
risto

2014-02-08 13:35 GMT+02:00 Rolf Nufable <[email protected]>:
> is it possible to link 3 configuration files for correlation?
>
> like in this example it used 2 configuration files to correlate and insert
> it to the database
>
> http://simple-evcorr.sourceforge.net/SEC-tutorial/article-part2.html#DATABASEINTEGRATION
>
> My goal is to correlate events from snort and be able to correlate using 3
> successive triggers of rules
> and then insert it to a database for processing
>
> please help me I'm kinda lost
>
> _______________________________________________
> Simple-evcorr-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
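
The arrangement described in the reply above (Options rules that create rule file sets, Jump rules that route events between them), sketched as three linked SEC rule files for snort alerts. This is an added example, not part of the original thread or of the SEC documentation: the file names, the set names snort-events and snort-store, the SNORT_REPEAT event text, the thresholds and the insert_alert.sh script are hypothetical, and the patterns assume a constructed syslog line of the form `snort[4211]: [1:1000001:1] test alert {TCP} 10.0.0.5:4432 -> 10.0.0.9:80`.

```conf
# ---- file 1: /etc/sec/main.rules (hypothetical path) ----
# Entry point. Raw snort lines are handed to the "snort-events" set.
type=Jump
ptype=RegExp
pattern=snort\[\d+\]:
cfset=snort-events

# Synthetic events produced by file 2 are handed to the "snort-store" set.
type=Jump
ptype=RegExp
pattern=^SNORT_REPEAT src=
cfset=snort-store

# ---- file 2: /etc/sec/snort.rules (hypothetical path) ----
# Options must be the first rule in the file. procallin=no means this
# file sees only the input that a Jump rule sends to its set.
type=Options
joincfset=snort-events
procallin=no

# Three alerts from one source address within 60 seconds produce one
# synthetic event. $1 is limited to digits and dots by the pattern.
type=SingleWithThreshold
ptype=RegExp
pattern=snort\[\d+\]: \[\d+:\d+:\d+\] .*\{\w+\} (\d+\.\d+\.\d+\.\d+)
desc=Repeated snort alerts from $1
action=event 0 SNORT_REPEAT src=$1
window=60
thresh=3

# ---- file 3: /etc/sec/store.rules (hypothetical path) ----
type=Options
joincfset=snort-store
procallin=no

# The record goes to the hypothetical insert script on standard input,
# so no event data is placed on a shell command line.
type=Single
ptype=RegExp
pattern=^SNORT_REPEAT src=(\d+\.\d+\.\d+\.\d+)$
desc=store correlated alert for $1
action=pipe 'snort_repeat $1' /usr/local/bin/insert_alert.sh
```

SEC would be started with all three files, for instance `sec --conf=/etc/sec/*.rules --input=<snort alert log>`; only main.rules then receives every input line directly.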
