[Lognorm] Libnormalize issue

James Lay jlay at slave-tothe-box.net
Thu Nov 3 12:11:38 CET 2011



On 11/3/11 4:42 AM, "Rainer Gerhards" <rgerhards at hq.adiscon.com> wrote:

>I have just uploaded an overview paper that may help to provide context
>for this discussion (though admittedly not touching it precisely):
>
>http://www.gerhards.net/download/LogNormalizationV2.pdf
>
>HTH
>Rainer

Wow... thanks Rainer, Champ and David. This is a LOT of great information
for me to use. Again, I'm only using liblognorm as it relates to Sagan,
so I'll get with Champ and ask a few more questions about how Sagan and
liblognorm relate. As a final thought to think about, as it relates to
false positives and the like: whose job is it to verify, the app sending
the data, or the library parsing the data? Food for thought. I'll post
some results in a different thread soon; I'm already working with more types
of data and rules. Firewall rules come first, then others later :)
Thanks again all.

James