On Sat, 8 Feb 2014, Rolf Nufable wrote:

Is it possible to link 3 configuration files for correlation?

Like in this example, it used 2 configuration files to correlate and insert it
to the database

http://simple-evcorr.sourceforge.net/SEC-tutorial/article-part2.html#DATABASEINTEGRATION


My goal is to correlate events from Snort and be able to correlate using 3
successive triggers of rules
and then insert it to a database for processing.

Please help me, I'm kinda lost.

It's not clear why you are saying you need separate configuration files.

Can you back up a little bit and explain what you are trying to do?

You want to see a particular message from Snort, then do what?

David Lang
_______________________________________________

Simple-evcorr-users mailing list

Simple-evcorr-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
