[syslog-ng] few questions about patterndb

Balazs Scheidler bazsi at balabit.hu
Fri Jun 25 11:25:31 CEST 2010


Hi,

On Wed, 2010-06-23 at 18:14 -0500, Martin Holste wrote:
> Currently, there's not a community repository for pattern-db, but I
> believe Balabit is hoping to have one.  That said, it does not sound
> like you need to use it for what you're trying to do.  The value of
> pattern-db is in fine-tuned classification and also parsing fields out
> of the bodies of messages.  For instance, here's a pattern I use to
> parse the basic fields in a Snort IDS log message:

There's progress on our patterndb front, but that seems to be slow, as
we originally planned to come forward with a shiny web interface.

However, I'm starting to think that simply creating a "best-practice"
policy document and putting user-contributed patterns into a version
controlled directory would give us tremendous value, even without the
web interface.

So this is what I'm going to do:
  * draft this patterndb policy document
  * create a git repository
  * create a daily snapshot of the set of "verified" patterns
  * ask anyone who has patterns to contribute their patterns (we do too)

The policy document would be an important part of that, since a
consistent naming policy would be very important to create a
maintainable database.

-- 
Bazsi