incubator-alois-dev mailing list archives

From Urs Lerch <m...@ulerch.net>
Subject Re: roadmap
Date Wed, 08 Dec 2010 16:12:16 GMT
Hi Christian,

thanks for your input and suggestions. Actually, I'm almost finished
with the project page creation and hope to publish it today, certainly
tomorrow.

I believe that the next step is to actively build a community, too. Do
you have any suggestions how to proceed best? I'll add this point in our
board report. But in my opinion, we should keep the roadmap on our site
on a technical level.

Best,
Urs


On Wednesday, 08.12.2010, 12:27 +0100, Christian Grobmeier wrote:
> Urs,
> even when I have not a deep insight in ALOIS, your roadmap looks good.
> I would like to add to the discussion the following: ALOIS should get
> a community as soon as possible. The project should start immediately
> with webpage, "how to get involved" articles and of course publish the
> roadmap below. The tasks you mentioned sound like tons of work and I
> believe helping hands are crucial for success.
> 
> That being said, I would like to see these community aspects on the
> roadmap, even when the roadmap was meant more on a technical level.
> 
> Additionally I might be able to help a little bit with project page creation.
> 
> Cheers
> Christian
> 
> On Tue, Dec 7, 2010 at 7:06 PM, Urs Lerch <mail@ulerch.net> wrote:
> > Hi,
> >
> > Marcus recently asked me to take a closer look at the new version of
> > syslog-ng, and if it could possibly be integrated in ALOIS or if it is
> > even becoming a competitor to ALOIS. Here are my findings in short:
> >
> >  - syslog-ng still only contains part of the functionality of ALOIS,
> >    but might head towards a fully implemented SIEM
> >  - furthermore, some of the (interesting) functionality is proprietary
> >  - syslog-ng therefore is dual-licenced, patches are filtered by the
> >    company behind syslog-ng
> >  - if any, I would prefer rsyslog
> >
> > We still have the issue of a roadmap open. I think we already agreed to
> > first discuss where we are heading before becoming more concrete.
> > Therefore I present "my vision" for discussion:
> >
> > <vision>
> >
> > I see Apache ALOIS as a "best of breeds" pot. Therefore, ALOIS contains a
> > core which is (or at least kind of) a message bus. This message bus is
> > the interface for all of these tools to work together. I am not talking
> > of a general message bus (but we might take one as a base), but one
> > which is specially for this case and can and will contain some
> > application logic. To have a fully functional SIEM without legal
> > incompatibility there is for every interface an own tool, which
> > implements the basic functionality. These tools could be the actual
> > modules of ALOIS.
> >
> > I see the following basic functionality (and therefore interfaces):
> >
> >  1. Collectors or agents, which collect the logs of a system or
> >     application
> >  2. Data server, which collects all logs from agents, stores it and
> >     does maybe some filtering
> >  3. Data mining, which correlates the data
> >  4. Reporting
> >  5. Frontend for display
> >
> > This basic functionality should be implemented independently and
> > therefore such a tool (or group of tools) can be replaced rather easily, if
> > a better one is found. To allow this independence we need a
> > message bus.
> >
> > </vision>
> >
> > Please give your input, be it comments on my vision or be it your own.
> >
> > Best,
> > Urs
> >
> 
> 
> 

