Hi Sherwin,

This could be easily integrated by reading the SDEE messages and forwarding them via syslog (or writing to a file) for OSSEC. Any Perl guy in here willing to take this job? :)

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Jan 21, 2008 12:15 AM, Sherwin P. William Abocejo <[EMAIL PROTECTED]> wrote:
>
> Sebastien,
>
> Thank you for your reply. I got this link
> http://search.cpan.org/~jminieri/Net-SDEE-0.01/lib/Net/SDEE.pm talking
> about SDEE and providing some code for programming. How could this be
> integrated into OSSEC?
>
> Hope you'll help us with this issue.
>
> Regards,
> Sherwin
>
>
> -----Original Message-----
> From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
> On Behalf Of Sebastien Tricaud
> Sent: Monday, January 21, 2008 2:04 AM
> To: ossec-list@googlegroups.com
> Subject: [ossec-list] Re: SDEE Support
> Importance: High
>
>
> |
> | Hi All,
>
> Hello,
>
> |
> | Does OSSEC support Security Device Event Exchange (SDEE)? What can you
> | recommend so that I could get logs from devices that only use this SDEE
> | protocol?
>
> No, it currently does not. I wouldn't mind doing it as I did for IDMEF, but
> I simply cannot find the SDEE protocol spec.
>
> Right now, the only interoperable protocol supported by OSSEC since version
> 1.4 is IDMEF.
>
>
> Regards,
> Sebastien.
>
>
>
> This message contains confidential information and is intended only for
> the individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. E-mail transmission cannot be
> guaranteed to be secure or error-free as information could be
> intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
> contain viruses. The sender therefore does not accept liability for any
> errors or omissions in the contents of this message, which arise as a
> result of e-mail transmission. If verification is required please
> request a hard-copy version.