_This is a feature that breaks backwards compatibility_
Manually creating JSON is not something that is worth the time. CJSON is simple, fast and proven, so I see it as less chance of errors and bugs. Plus I am planning on ingesting JSON alerts to allow the OSSEC agent to send JSON data so parsing and decoding is not needed. A good example would be syscheck alerts, as JSON would be much simpler.
I want to at some point break out formatting for alerts so you can mix and match them:
Transport:
- Syslog UDP
- Syslog TCP
- ZeroMQ pub
- Redis push/pop
- File append
- SMTP

Format:
- JSON
- Syslog RFC
- OSSEC alert
- Syslog CEF
- Email

Now mix and match as needed for the environment.
Note: This issue has been automatically migrated from Bitbucket
Created by jrossi on 2013-09-13 00:58:18+00:00, last updated: 2013-09-13 01:13:06+00:00
From thread: https://groups.google.com/forum/#!topic/ossec-dev/iDe-JyiNfAg