Some new decoder/rules syntax requires a minimal version of OSSEC source to
run.
Suggest using a rule version numbering system that takes this into
consideration, and embed the version string in the comment of ...rules.xml
files.

For example, if 2.7.1-r000 is the default rules when OSSEC 2.7.1 was
released, more frequent rules updates could be named 2.7.1-r001,
2.7.1-r002, and so on.

Like the idea, but I don't think the versions should be in xml comments.
I think they should be usable data in the xml, but that also requires
coding.

<require major="2" minor="7">
  <decoder>
    <!-- more stuff here -->
  </decoder>
</require>

This could be in the shared xml parser code and would cause it to skip
all child objects, but if require version matches or is greater, just
read text as normal. From thinking about how XML in ossec works, it should
not be a huge amount of work if someone wants to take it on.
-Jeremy Rossi
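
An added example, not part of the original thread and not OSSEC code: a Python model of the version gate proposed above, where children of a <require> element are skipped unless the running version matches or is greater. The <ossec_rules> wrapper, the function names, the default of minor="0", and the choice to skip a malformed <require> are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. The single <ossec_rules> root is a hypothetical
# wrapper added only so the text is well-formed XML for ElementTree.
SAMPLE = """
<ossec_rules>
  <decoder name="sshd"><program_name>^sshd</program_name></decoder>
  <require major="2" minor="7">
    <decoder name="needs-2.7"><prematch>^foo</prematch></decoder>
    <require major="2" minor="8">
      <decoder name="needs-2.8"><prematch>^bar</prematch></decoder>
    </require>
  </require>
  <require major="3">
    <decoder name="needs-3.0"><prematch>^baz</prematch></decoder>
  </require>
  <require minor="7">
    <decoder name="bad-require"><prematch>^qux</prematch></decoder>
  </require>
</ossec_rules>
"""

def _required(elem):
    """Return (major, minor) from a <require> element, or None if malformed."""
    try:
        return int(elem.attrib["major"]), int(elem.get("minor", "0"))
    except (KeyError, ValueError):
        return None

def effective_children(parent, running):
    """Yield the elements a loader running version `running` would see."""
    for child in parent:
        if child.tag != "require":
            yield child
            continue
        need = _required(child)
        # Fail closed: a malformed or unmet <require> hides its whole subtree,
        # so an older parser never sees syntax it cannot interpret.
        if need is not None and running >= need:
            # Requirement met: read the children as if the wrapper were absent.
            yield from effective_children(child, running)

def loaded_decoders(xml_text, running):
    """Names of the decoders that survive the version gate, in file order."""
    root = ET.fromstring(xml_text)
    return [e.get("name") for e in effective_children(root, running)
            if e.tag == "decoder"]
```

Nested <require> elements are evaluated only after the enclosing one passes, so an inner block can raise the minimum version but never lower it.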
