Joe Carvalho wrote: > I've recently picked up working on Prelude/Prewikka and SEC, it's > been a few years. > > I've seen some msgs that sec integration is no longer part of the > Prelude tree. > > Is anyone still using it as the correlation engine?
Joe, If you meant to ask whether SEC is still used as a correlation engine for Prelude, I don't really know. About a year ago I exchanged some mails with people working on Prelude and asked about the current status of SEC+Prelude integration, and here is their answer: >> Hey Risto, >> We opted to go with a dedicated, compiled >> correlation engine...some of >> the stuff we were trying to do (in particular to >> operate in the same way >> a commercial SEIM does) we had problems >> accomplishing with SEC. >> Our resulting correlation engine borrows many >> concepts from SEC, though >> (the first implementation of it was almost exactly >> like SEC). >> So it is hard to tell whether anyone is using SEC with Prelude today... However, if you wanted to ask about the overall status of SEC, the product is very alive :) I don't know the precise number of users, but it is employed by many hundreds (if not thousands) of sites. Also, SEC packages exist for major Linux and BSD distributions -- here I'd like to use the opportunity and thank the authors and maintainers of these packages. hth, risto P.S. Do you intend to revive the SEC+Prelude integration project? If so, may I ask about the current status of the whole Prelude system and its event correlation features? ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
