[Dshield] Standardized reporting via SOAP? (WAS: Re: [Dshield] New Client: TinyFirewall / Syslog)

Ed Truitt ed.truitt at etee2k.net
Mon Mar 4 00:22:03 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Actually, if you were going to try and standardize the format, I
would like to see you do something with XML - then maybe use SOAP to
transmit the reports in (IIRC, SOAP will support both synchronous
transmission over HTTP/HTTPS and asynchronous transmission over
SMTP.)

A standard XML format for IDS / firewall reporting would be a nice
thing to have.  If vendors would implement such a thing, it would
mean that DShield and other such services wouldn't have to write
parsers for all the different types of log formats - the vendors
could simply write a program / script that would extract the relevant
log data, XML-ize it, and store it / transmit it for analysis.  Being
somewhat of a newbie to the whole IDS space, is there any such effort
underway?

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP. 
 Also, if you send me UCE, I reserve the right to post your spew 
on my Web site, with the appropriate color commentary, so that 
others may have a good laugh at your expense."

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPIK+J9uunCUC+Qq5EQKXHgCg/43L/4artMePjEmunk+UAy1zRfEAoNsz
iqLtICCulsG5iyvFdgTgXpHX
=vjBH
-----END PGP SIGNATURE-----




More information about the list mailing list