In message <4a4916a51001250750n1b939f9fqa32c7d9fa0dae...@mail.gmail.com>,
antonin mora writes:
>It could be nice to add an input source in a future version, reading
>an ActiveMQ queue.
>
>If that can help :
>
>--> Library used to read in ActiveMQ :
>[...] code elided

It's not SEC's job to translate an external event source (e.g. Windows
event log, or messaging middleware) into a printable
representation. That is best handled via external programs keeping SEC
source agnostic.

The best thing to do with this is to make it an external program
similar to itostream.c in the main distribution. Then the program can
be run externally and its output piped into SEC on stdin, or SEC can
run it using a spawn action.

--
                                -- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
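
Added example, not part of the original message or of the SEC distribution: a sketch of the external adapter approach described in the reply, rendering each queue message as exactly one printable line so that a newline inside a message body cannot show up to SEC as a second, forged event. The message layout (`timestamp`, `destination`, `body`), the `activemq[...]` tag, the length cap and the file names in the comment are assumptions, and the ActiveMQ client that would supply the messages is replaced by constructed samples.

```python
import sys
import unicodedata

MAX_LEN = 1024  # assumed cap on one event line, not an SEC limit

# Constructed sample messages standing in for what a queue client would deliver.
SAMPLE = [
    {"timestamp": "2010-01-25T16:02:11Z", "destination": "queue/alerts",
     "body": "login failed for bob\nJan 25 16:02:12 host sshd[1]: Accepted password for root"},
    {"timestamp": "2010-01-25T16:02:15Z", "destination": "queue/alerts",
     "body": b"disk \xff full\r\n"},
]

def escape(text):
    """Return text as one printable line: backslashes, control/format
    characters and Unicode line separators become visible escapes."""
    if isinstance(text, bytes):
        text = text.decode("utf-8", errors="replace")
    out = []
    for ch in str(text):
        if ch == "\\":
            out.append("\\\\")
        elif unicodedata.category(ch)[0] == "C" or ch in "\u2028\u2029":
            out.append("\\x%02x" % ord(ch) if ord(ch) < 256 else "\\u%04x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def to_sec_line(msg):
    """Format one message as '<timestamp> activemq[<destination>]: <body>'."""
    line = "%s activemq[%s]: %s" % (
        escape(msg["timestamp"]), escape(msg["destination"]), escape(msg["body"]))
    return line[:MAX_LEN]

def pump(messages, out=sys.stdout):
    """Write one line per message and flush each time, so a reader on the
    other end of a pipe sees events as they arrive. Returns the count."""
    count = 0
    for msg in messages:
        out.write(to_sec_line(msg) + "\n")
        out.flush()
        count += 1
    return count

if __name__ == "__main__":
    # Hypothetical file names: python3 amq2sec.py | sec --conf=rules.conf --input=-
    pump(SAMPLE)
```
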