incubator-alois-dev mailing list archives

From Christian Grobmeier <grobme...@gmail.com>
Subject Re: roadmap
Date Wed, 08 Dec 2010 11:27:14 GMT
Urs,
even though I do not have deep insight into ALOIS, your roadmap looks good.
I would like to add the following to the discussion: ALOIS should get
a community as soon as possible. The project should start immediately
with a webpage, "how to get involved" articles and of course publish the
roadmap below. The tasks you mentioned sound like tons of work and I
believe helping hands are crucial for success.

That being said, I would like to see these community aspects on the
roadmap, even though the roadmap was meant more on a technical level.

Additionally I might be able to help a little bit with project page creation.

Cheers
Christian

On Tue, Dec 7, 2010 at 7:06 PM, Urs Lerch <mail@ulerch.net> wrote:
> Hi,
>
> Marcus recently asked me to take a closer look at the new version of
> syslog-ng, and whether it could possibly be integrated in ALOIS or whether
> it is even becoming a competitor to ALOIS. Here are my findings in short:
>
>  - syslog-ng still only contains part of the functionality of ALOIS,
>    but might head towards a fully implemented SIEM
>  - furthermore, some of the (interesting) functionality is proprietary
>  - syslog-ng is therefore dual-licensed; patches are filtered by the
>    company behind syslog-ng
>  - if any, I would prefer rsyslog
>
> We still have the issue of a roadmap open. I think we already agreed to
> first discuss where we are heading before becoming more concrete.
> Therefore I present "my vision" for discussion:
>
> <vision>
>
> I see Apache ALOIS as a "best of breeds" pot. Therefore, ALOIS contains a
> core which is (or at least kind of) a message bus. This message bus is
> the interface for all of these tools to work together. I am not talking
> of a general message bus (but we might take one as a base), but one
> which is specifically for this case and can and will contain some
> application logic. To have a fully functional SIEM without legal
> incompatibility, there is a separate tool for every interface, which
> implements the basic functionality. These tools could be the actual
> modules of ALOIS.
>
> I see the following basic functionality (and therefore interfaces):
>
>  1. Collectors or agents, which collect the logs of a system or
>     application
>  2. Data server, which collects all logs from agents, stores them and
>     maybe does some filtering
>  3. Data mining, which correlates the data
>  4. Reporting
>  5. Frontend for display
>
> This basic functionality should be implemented independently, and
> therefore such a tool (or group of tools) can be replaced rather easily
> if a better one is found. To allow this independence we need a
> message bus.
>
> </vision>
>
> Please give your input, be it comments on my vision or be it your own.
>
> Best,
> Urs
>



-- 
http://www.grobmeier.de
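To make the quoted vision concrete, here is an added example (not code from ALOIS, from Urs or from Christian) of the five-stage pipeline wired through a small topic-based message bus: a collector publishes raw lines, a data server normalizes, filters and stores them, a correlator counts SSH authentication failures per source address and raises an alert, and a reporter summarizes. The bus, the topic names ("raw", "normalized", "alert"), the regex, the threshold and the sample log lines are all assumptions made for this illustration; a frontend would simply be one more subscriber on the "alert" topic.

```python
"""Constructed example: a SIEM pipeline whose stages only talk via a message bus.

Each stage knows topic names, not the other stages, so any stage can be
swapped for a different tool as long as it speaks the same topics.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Event:
    source: str              # originating host or stage
    raw: str                 # original log line (or alert text)
    fields: dict = field(default_factory=dict)  # normalized key/value data


class MessageBus:
    """Minimal in-process publish/subscribe bus keyed by topic name."""

    def __init__(self):
        self._subscribers = defaultdict(list)

    def subscribe(self, topic, handler):
        self._subscribers[topic].append(handler)

    def publish(self, topic, event):
        # Iterate over a copy so a handler may subscribe while being called.
        for handler in list(self._subscribers[topic]):
            handler(event)


# 1. Collector / agent: ships raw lines from one host onto the "raw" topic.
def run_collector(bus, source, lines):
    for line in lines:
        bus.publish("raw", Event(source=source, raw=line))


# Assumed parser for OpenSSH "Failed password" lines (constructed for this example).
SSH_FAIL = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})"
)


# 2. Data server: normalizes, filters and stores, then republishes on "normalized".
class DataServer:
    def __init__(self, bus):
        self.bus = bus
        self.store = []          # stands in for a real log store
        bus.subscribe("raw", self.on_raw)

    def on_raw(self, ev):
        m = SSH_FAIL.search(ev.raw)
        if not m:
            return               # filtering: drop lines no parser understands
        ev.fields = {"kind": "ssh_auth_failure", "user": m.group(1), "src_ip": m.group(2)}
        self.store.append(ev)
        self.bus.publish("normalized", ev)


# 3. Data mining / correlation: N failures from one address => one alert.
class BruteForceCorrelator:
    def __init__(self, bus, threshold=3):
        self.bus = bus
        self.threshold = threshold
        self.counts = defaultdict(int)
        bus.subscribe("normalized", self.on_event)

    def on_event(self, ev):
        if ev.fields.get("kind") != "ssh_auth_failure":
            return
        ip = ev.fields["src_ip"]
        self.counts[ip] += 1
        if self.counts[ip] == self.threshold:      # alert exactly once per address
            alert = Event(source="correlator", raw=f"ssh brute force from {ip}",
                          fields={"src_ip": ip, "failures": self.counts[ip]})
            self.bus.publish("alert", alert)


# 4. Reporting: collects alerts and renders a summary (a frontend would subscribe the same way).
class Reporter:
    def __init__(self, bus):
        self.alerts = []
        bus.subscribe("alert", self.alerts.append)

    def summary(self):
        return [f"{a.fields['src_ip']}: {a.fields['failures']} failed logins" for a in self.alerts]


# Constructed sample input: four sshd failures and one unrelated cron line.
SAMPLE_LOG = [
    "Dec  8 11:20:01 host1 sshd[2112]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Dec  8 11:20:03 host1 sshd[2112]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "Dec  8 11:20:04 host1 cron[411]: (root) CMD (run-parts /etc/cron.hourly)",
    "Dec  8 11:20:05 host1 sshd[2114]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2",
    "Dec  8 11:20:09 host1 sshd[2120]: Failed password for alice from 198.51.100.2 port 40010 ssh2",
]


def run_pipeline(lines, threshold=3):
    """Wire the stages to a fresh bus, feed the lines, return the stages for inspection."""
    bus = MessageBus()
    server = DataServer(bus)
    correlator = BruteForceCorrelator(bus, threshold)
    reporter = Reporter(bus)
    run_collector(bus, "host1", lines)
    return server, correlator, reporter


if __name__ == "__main__":
    _, _, rep = run_pipeline(SAMPLE_LOG)
    for line in rep.summary():
        print(line)
```

Because every stage only publishes to or subscribes on a topic, replacing the correlator with a different engine (or the store with a real database) means changing one class, not the others; the bus is where the application logic Urs mentions (topic names, event schema) lives.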
