Re: Rule Management UI
From: Jaime Nebrera <jnebrera () eneotecnologia com>
Date: Thu, 23 May 2013 18:14:48 +0200
hehe.. Nice. Thanks Jaime! The site looks great! Will give it a try.
Also one thing that made me smile was the barnyard plugin for big data!
I will read how to implement this with logstash and ElasticSearch. I'm
using redis as a queue system, as logstash has output/input plugins. Will read about kafka..
Actually we read the queue in different ways. As we can consider an
event a subset of a standard log, we are working on solving that side in
both areas, not just for Snort. Thus we do:
* Read the events (already enriched with metadata) for dashboards /
GUI. This will show aggregated data and not all fields, but will be
screaming fast. The same would apply to other projects like Flow.
* Read RAW data and store it in some kind of schema-less system. We
still have to decide quite a bit on how to do this part. Flow for
example won't need this part, and this is why it is almost ready.
* Read the messages from a Correlation engine in order to produce
further events by itself. We have decided the software we will employ
for this, but it is not ready.
As for standard logs, an enhanced syslog server will process them and
extract as much metadata as possible and inject this info into the kafka
system, where it will be pipelined into our whole infrastructure.
We fear logstash won't be fast enough for what we are seeking (again,
not just IDS events). Elasticsearch is for sure on our radar screen :)
Either way, as we suggested in the original post, we believe our
patch to Barnyard will provide a lot of alternatives in the BigData realm.
We are open to discussing ideas with the community :)
Jaime Nebrera - jnebrera () eneotecnologia com
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18
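The three-consumer fan-out Jaime sketches above (aggregates for dashboards, a schema-less raw store, and a correlation stage that emits derived events from enriched queue messages) can be illustrated with a small stand-alone script. This is an added example, not ENEO's code and not part of the Barnyard patch or the Snort project: Python's queue module stands in for Kafka, the Snort alert_syslog regex and the sample log lines are constructed here, and the correlation rule (one source tripping three distinct signatures) is an invented placeholder, not a rule from the post.

```python
"""Constructed sketch of a queue fan-out for enriched Snort events.

A parser extracts metadata from Snort syslog-style alert lines (the role
of the "enhanced syslog server" in the post), publishes each enriched
event to a queue (queue.Queue stands in for Kafka, an assumption), and
three independent consumers read it: a dashboard aggregator that keeps
only counts, a raw store that keeps whole records, and a correlator
that emits derived events.  Nothing here is the project's own code.
"""
import re
from collections import Counter, defaultdict
from queue import Queue

# Assumed shape of a Snort alert_syslog line; the trailing ':' after the
# priority block is optional so both common layouts match.
ALERT_RE = re.compile(
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) '
    r'\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\]:? '
    r'\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> '
    r'(?P<dst>[\d.]+):(?P<dport>\d+)'
)

# Constructed sample lines (sensor name, addresses and SIDs are made up).
SAMPLE_LINES = [
    'May 23 18:14:48 sensor1 snort[1234]: [1:1000001:1] TEST SSH probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:51234 -> 10.0.0.20:22',
    'May 23 18:14:49 sensor1 snort[1234]: [1:1000001:1] TEST SSH probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.9:40001 -> 10.0.0.20:22',
    'May 23 18:14:50 sensor1 snort[1234]: [1:1000002:1] TEST HTTP probe [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.5:51235 -> 10.0.0.21:80',
    'May 23 18:14:51 sensor1 snort[1234]: [1:1000001:1] TEST SSH probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.9:40002 -> 10.0.0.22:22',
    'May 23 18:14:52 sensor1 snort[1234]: [1:1000003:1] TEST SMB probe [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.5:51236 -> 10.0.0.23:445',
    'May 23 18:14:53 sensor1 snort[1234]: Snort initialization completed',  # not an alert
]


def parse_alert(line):
    """Extract metadata from one alert line; return None for non-alert lines."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["prio"] = int(ev["prio"])
    ev["raw"] = line  # keep the original line for the raw store
    return ev


class DashboardAggregator:
    """Consumer 1: counters only, never the full record (fast, few fields)."""
    def __init__(self):
        self.by_sig = Counter()
        self.by_src = Counter()

    def consume(self, ev):
        self.by_sig[(ev["gid"], ev["sid"], ev["msg"])] += 1
        self.by_src[ev["src"]] += 1


class RawStore:
    """Consumer 2: schema-less store of whole events (a list stands in)."""
    def __init__(self):
        self.docs = []

    def consume(self, ev):
        self.docs.append(dict(ev))


class Correlator:
    """Consumer 3: emits a derived event when one source host trips
    `threshold` distinct signatures (placeholder rule, constructed here)."""
    def __init__(self, threshold=3):
        self.threshold = threshold
        self.sids_by_src = defaultdict(set)
        self.derived = []

    def consume(self, ev):
        sids = self.sids_by_src[ev["src"]]
        sids.add(ev["sid"])
        if len(sids) == self.threshold:  # fire exactly once per source
            self.derived.append({"msg": "multiple distinct signatures from one host",
                                 "src": ev["src"], "sids": sorted(sids)})


def run_pipeline(lines):
    """Parse, enqueue, then fan every event out to all consumers.
    Returns (DashboardAggregator, RawStore, Correlator)."""
    q = Queue()
    for line in lines:
        ev = parse_alert(line)
        if ev is not None:
            q.put(ev)
    consumers = (DashboardAggregator(), RawStore(), Correlator())
    while not q.empty():
        ev = q.get()
        for c in consumers:
            c.consume(ev)
    return consumers


if __name__ == "__main__":
    dash, raw, corr = run_pipeline(SAMPLE_LINES)
    print("alerts by source:", dict(dash.by_src))
    print("raw records stored:", len(raw.docs))
    print("derived events:", corr.derived)
```

Each consumer sees the same enriched event but keeps a different projection of it, which is the point of the three read paths in the post: the aggregator never touches the raw line, the raw store never computes anything, and the correlator carries only the per-source state its rule needs.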