Hi,

http://www.balabit.com/wiki/patterndb mentions the "patterndb project", but there is hardly any information. I have a couple of additions to the sshd patterns, does anyone know where to put/send them?

Best regards,
Valentijn
Hello,

On 02/18/2011 12:57 PM, Valentijn Sessink wrote:
Hi,
http://www.balabit.com/wiki/patterndb mentions the "patterndb project", but there is hardly any information. I have a couple of additions to the sshd patterns, does anyone know where to put/send them?
First of all: thank you for working on patterns / patterndb! As you might have read here on the list or at Bazsi's blog, we plan to move patterndb to CEE instead of using our own schema: http://bazsi.blogs.balabit.com/2010/11/patterndb-goes-cee/

The problem with CEE is that it's still a quickly moving target. Until it is a bit more stabilized (hopefully Q1 this year, according to yesterday's CEE board meeting), we continue to work on our own.

Summary: please send your additions to the list. We will integrate them and transform them later to CEE once that is more ready for use.

Bye,
--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
Hi,

Peter Czanik wrote:
As you might have read it here on the list or at Bazsi's blog, we plan to move patterndb to CEE instead of using our own schema
OK. Does this also mean that the patterns at http://git.balabit.hu/?p=bazsi/syslog-ng-patterndb.git are out of date, i.e. that there are newer (but not public) patterns? (For example, the sshd patterns are very useful, variables and all, but there are some messages lacking and its latest revision is from 2010-07-13.)

Sending a bunch of patterns that you already have, or sending patterns in an old-fashioned format, is not my intent.

Best regards,
Valentijn
On 02/18/2011 03:41 PM, Valentijn Sessink wrote:
Hi,
Peter Czanik wrote:
As you might have read it here on the list or at Bazsi's blog, we plan to move patterndb to CEE instead of using our own schema
OK. Does this also mean that the patterns at http://git.balabit.hu/?p=bazsi/syslog-ng-patterndb.git are out of date, i.e. that there are newer (but not public) patterns? (For example, the sshd patterns are very useful, variables and all, but there are some messages lacking and its latest revision is from 2010-07-13.)
Sending a bunch of patterns that you already have, or sending patterns in an old-fashioned format, is not my intent.
Internally I worked on converting existing patterns to CEE. Those quickly became out of date, as CEE is still a moving target. So, for now we will continue working using the "old-fashioned" format, focusing on login / logout events. Once CEE is ready for use, I'll convert patterns from "old-fashioned" to CEE.

Summary: your patterns are very welcome and I encourage everyone to send new or updated patterns or help us to collect log samples: http://czanik.blogs.balabit.com/2010/11/log-sample-collecting-project/

--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
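To make concrete what the "variables" in the sshd patterns and the login / logout focus mentioned above refer to, here is an added example that is not code from the syslog-ng patterndb repository, from the list, or from either participant: a toy Python matcher for a small subset of the patterndb pattern language (`@ESTRING:name:delim@`, `@ANYSTRING:name@`, `@NUMBER:name@`, `@IPv4:name@`, `@@`), run over constructed sshd log lines. The rule ids, the `usracct.*` / `ssh.*` value names and the sample lines are all hypothetical; the real patterndb is a radix-tree matcher with more parsers and XML rulesets, so this only illustrates how a pattern extracts named values from a message.

```python
"""Toy patterndb-style matcher (added example, not syslog-ng's own code).

Supported subset of the syslog-ng patterndb pattern language:
  @ESTRING:name:delim@   text up to (and consuming) delim; empty delim = rest of line
  @ANYSTRING:name@       the rest of the message
  @NUMBER:name@          a run of decimal digits (the real parser also accepts hex)
  @IPv4:name@            a dotted quad (the real parser also validates octet ranges)
  @@                     a literal '@'
As in patterndb, a pattern only matches if it consumes the whole message.
Rule ids, value names and sample log lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass

PARSER_RE = re.compile(r"@@|@([A-Za-z0-9]+):([A-Za-z0-9_.]*)(?::([^@]*))?@")
NUMBER_RE = re.compile(r"\d+")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def tokenize(pattern):
    """Split a pattern into ('lit', text) and ('parser', (kind, name, param)) tokens."""
    tokens, pos = [], 0
    for m in PARSER_RE.finditer(pattern):
        if m.start() > pos:
            tokens.append(("lit", pattern[pos:m.start()]))
        if m.group(0) == "@@":
            tokens.append(("lit", "@"))
        else:
            tokens.append(("parser", (m.group(1), m.group(2), m.group(3))))
        pos = m.end()
    if pos < len(pattern):
        tokens.append(("lit", pattern[pos:]))
    return tokens


def match_pattern(tokens, msg):
    """Return the extracted name->value dict, or None if the pattern does not match."""
    pos, values = 0, {}
    for kind, payload in tokens:
        if kind == "lit":
            if not msg.startswith(payload, pos):
                return None
            pos += len(payload)
            continue
        parser, name, param = payload
        if parser == "ESTRING":
            end = len(msg) if not param else msg.find(param, pos)
            if end < 0:
                return None
            values[name] = msg[pos:end]
            pos = end + (len(param) if param else 0)
        elif parser == "ANYSTRING":
            values[name] = msg[pos:]
            pos = len(msg)
        elif parser in ("NUMBER", "IPv4"):
            m = (NUMBER_RE if parser == "NUMBER" else IPV4_RE).match(msg, pos)
            if not m:
                return None
            values[name] = m.group(0)
            pos = m.end()
        else:
            raise ValueError(f"unsupported parser @{parser}@")
    return values if pos == len(msg) else None


@dataclass
class Rule:
    rule_id: str   # hypothetical ids; real rulesets use UUIDs
    pattern: str
    values: dict   # static name/value pairs attached to every match


# Hypothetical sshd rules in the "old-fashioned" patterndb pattern syntax.
RULES = [
    Rule("ssh-login-ok",
         "Accepted @ESTRING:usracct.authmethod: @for @ESTRING:usracct.username: @"
         "from @IPv4:usracct.device@ port @NUMBER:usracct.port@ @ANYSTRING:usracct.service@",
         {"usracct.type": "login", "usracct.result": "ok"}),
    Rule("ssh-login-fail-invalid",
         "Failed @ESTRING:usracct.authmethod: @for invalid user @ESTRING:usracct.username: @"
         "from @IPv4:usracct.device@ port @NUMBER:usracct.port@ @ANYSTRING:usracct.service@",
         {"usracct.type": "login", "usracct.result": "failed", "usracct.invalid_user": "yes"}),
    Rule("ssh-login-fail",
         "Failed @ESTRING:usracct.authmethod: @for @ESTRING:usracct.username: @"
         "from @IPv4:usracct.device@ port @NUMBER:usracct.port@ @ANYSTRING:usracct.service@",
         {"usracct.type": "login", "usracct.result": "failed"}),
    Rule("ssh-session-closed",
         "pam_unix(sshd:session): session closed for user @ANYSTRING:usracct.username@",
         {"usracct.type": "logout"}),
    Rule("ssh-disconnect",
         "Received disconnect from @IPv4:usracct.device@: @NUMBER:ssh.reason_code@: @ANYSTRING:ssh.reason@",
         {"usracct.type": "logout"}),
]
COMPILED = [(rule, tokenize(rule.pattern)) for rule in RULES]

# Constructed sample messages (sshd MESSAGE parts without the syslog header).
SAMPLE_MESSAGES = [
    "Accepted publickey for alice from 192.0.2.10 port 52144 ssh2",
    "Failed password for invalid user admin from 203.0.113.9 port 41118 ssh2",
    "Failed password for bob from 203.0.113.9 port 4022 ssh2",
    "pam_unix(sshd:session): session closed for user alice",
    "Received disconnect from 192.0.2.10: 11: disconnected by user",
    "Server listening on 0.0.0.0 port 22.",
]


def classify(msg):
    """First matching rule wins; returns rule id, static values and extracted values, or None."""
    for rule, tokens in COMPILED:
        values = match_pattern(tokens, msg)
        if values is not None:
            return {"rule": rule.rule_id, **rule.values, **values}
    return None


if __name__ == "__main__":
    for line in SAMPLE_MESSAGES:
        print(line, "->", classify(line))
```

The more specific "invalid user" rule is listed before the generic failed-login rule because this matcher takes the first hit; patterndb's radix tree does not depend on listing order in the same way. The last sample line deliberately matches nothing, which is the case a pattern contributor would cover by adding a rule.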