waf-fle
Roadmap
Klaubert, could you publish a roadmap for waf-fle? I think everybody who is interested in waf-fle wants to know what we can look forward to. I appreciate your work on this great piece of software, but it would be nice to know what is planned for the future. Maybe someone can help you.
Juraj,
I really do have a roadmap (maybe it sounds more like a wish-list), though it is not public yet (it is too ambitious)... I'll share it on the waf-fle site or GitHub (in roadmap form).
Thanks for asking,
Best regards,
Klaubert
Klaubert,
do you plan Elasticsearch support as a parallel backend to MySQL? Nowadays I am working on a log management solution for my company based on Logstash, Elasticsearch and Kibana. It works quite well, but I am missing modsec output in the central log storage. I am playing with the idea of storing these events in the database and in Elasticsearch as well. The waf-fle event parser suits my requirements, so the only thing that needs to be done is parallel output to the database and to Elasticsearch. I think it shouldn't be a big deal. What is your opinion? Personally, I am sure that this could be a good and valuable feature for a lot of security admins.
Best regards,
Juraj
Juraj,
I had a look at Elasticsearch some time ago, but while it is very interesting, I personally can't make this kind of change in waf-fle right now. One thing that I'm planning is to enable the use of MySQL partitioning, which can improve performance in queries and in (much expected) database maintenance. But I'm still studying a good way to use partitioning in an automated way.
While I don't have the plan/time to expand waf-fle to use other technologies (like Elasticsearch) for a while, I think it can be useful for many users that have more volume, so if you are available to help develop this, maybe we can work in this direction. One thing that I plan is a way to export waf-fle events, in real time, to other log consumers like a SIEM (your idea to write in parallel can be one form of this); let's think more about this, it even opens other possibilities.
Best regards,
Klaubert
Klaubert,
exporting events to the SIEM (or log management) is what I mean. I will try to do something like a working PoC (if I have enough time), where events will be forwarded to Elasticsearch directly or to Logstash in some way. I have an idea how to do it, but my programming skills in PHP are still faint, so maybe your help would be desirable (at least code reviewing and mistake fixing). I will keep you informed about how things are going.
Best regards,
Juraj
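The parallel write Juraj proposes above (MySQL plus Elasticsearch) and the forwarding PoC he describes in his last message, sketched as an added example in Python rather than in waf-fle's PHP. This is not waf-fle code and not code from either participant. The event dictionary shape, the sink interface, the list of headers to mask and the sample event are all assumptions made for the demo; the Elasticsearch `_bulk` body layout (an action line followed by a document line, newline-terminated) and the daily `prefix-YYYY.MM.DD` index naming are the real conventions used by Elasticsearch 1.x and Logstash.

```python
# Fan-out of parsed ModSecurity events to MySQL plus Elasticsearch/Logstash.
# Added example for this thread, not waf-fle code. The event dict shape, the
# sink interface and the sample event below are assumptions made for the demo.
import json
from datetime import datetime, timezone

# Constructed sample event: roughly the fields an audit-log parser such as
# waf-fle's would emit. All values are made up for this example.
SAMPLE_EVENT = {
    "unique_id": "constructed-id-0001",
    "timestamp": "2014-08-15T09:11:00+00:00",
    "client_ip": "198.51.100.23",
    "uri": "/login",
    "status": 403,
    "request_headers": {
        "Host": "www.example.com",
        "Cookie": "session=secret",
        "Authorization": "Basic c2VjcmV0",
    },
}

# Audit logs carry credentials; mask these before an event leaves the WAF host
# for a shared log cluster. The list is an assumption, extend it for your site.
SENSITIVE_HEADERS = ("cookie", "authorization", "proxy-authorization")


def scrub(event):
    """Return a deep copy with credential-bearing request headers masked."""
    out = json.loads(json.dumps(event))
    headers = out.get("request_headers", {})
    for name in list(headers):
        if name.lower() in SENSITIVE_HEADERS:
            headers[name] = "[redacted]"
    return out


class MemorySink:
    """Stand-in for the MySQL writer so the example runs offline."""
    name = "mysql"

    def __init__(self):
        self.rows = []

    def write(self, event):
        self.rows.append(event)


class BulkSink:
    """Buffers events and renders an Elasticsearch _bulk body (NDJSON)."""
    name = "elasticsearch"

    def __init__(self, index_prefix="waf-fle", doc_type="event"):
        self.index_prefix = index_prefix
        self.doc_type = doc_type
        self.buffer = []

    def write(self, event):
        self.buffer.append(event)

    def index_for(self, event):
        # Daily index per the Logstash convention; assumes a tz-aware timestamp.
        day = datetime.fromisoformat(event["timestamp"]).astimezone(timezone.utc)
        return f"{self.index_prefix}-{day:%Y.%m.%d}"

    def render(self):
        """One action line + one document line per event; body ends with a newline."""
        lines = []
        for ev in self.buffer:
            action = {"index": {"_index": self.index_for(ev),
                                "_type": self.doc_type, "_id": ev["unique_id"]}}
            lines.append(json.dumps(action, separators=(",", ":")))
            lines.append(json.dumps(ev, separators=(",", ":")))
        return "\n".join(lines) + "\n"


class FailingSink:
    """Always raises, to show that a dead secondary does not block the primary."""
    name = "broken"

    def write(self, event):
        raise ConnectionError("elasticsearch unreachable")


class EventFanout:
    """Write each event to the primary store, then to every secondary sink."""

    def __init__(self, primary, secondaries):
        self.primary = primary
        self.secondaries = list(secondaries)
        self.dead_letter = []  # (sink name, event, error) for undelivered copies

    def publish(self, event):
        """Returns the names of secondary sinks that failed for this event."""
        self.primary.write(event)  # source of truth: let its errors propagate
        redacted = scrub(event)    # the shared log cluster gets the masked copy
        failed = []
        for sink in self.secondaries:
            try:
                sink.write(redacted)
            except Exception as exc:  # isolate a down secondary from the main path
                failed.append(sink.name)
                self.dead_letter.append((sink.name, redacted, repr(exc)))
        return failed


def demo():
    """MySQL stand-in + Elasticsearch buffer + a broken sink; publish one event."""
    db, es = MemorySink(), BulkSink()
    fanout = EventFanout(primary=db, secondaries=[es, FailingSink()])
    failed = fanout.publish(SAMPLE_EVENT)
    return db, es, fanout, failed
```

The design points a practitioner would want from such a PoC: the MySQL write stays the source of truth and its errors propagate, a secondary sink that is down is recorded in a dead-letter list instead of blocking the WAF console, and credential-bearing headers are masked before a copy leaves for a cluster that other teams can read. Shipping `BulkSink.render()` is a single HTTP POST of that body to `/_bulk` (or a JSON line per event to a Logstash TCP input), left out here so the block runs offline.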