RE: IDS Correlation
From: Marcus J. Ranum (mjr@nfr.com)
Date: 03/28/02
- Previous message: Andreas Krennmair: "OpenSource NIDS"
- In reply to: Matthew F. Caldwell: "RE: IDS Correlation"
- Next in thread: Àî»Ô: "Re: RE: IDS Correlation"
- Maybe reply: Àî»Ô: "Re: RE: IDS Correlation"
Date: Thu, 28 Mar 2002 11:33:19 -0500
To: "Matthew F. Caldwell" <mattc@guarded.net>, "Jared A. Tucker" <jared.tucker@terradon.com>, <eddonega@WellsFargo.COM>, "Keith T. Morgan" <keith.morgan@terradon.com>
From: "Marcus J. Ranum" <mjr@nfr.com>
Matthew F. Caldwell wrote:
>XML is great but bloated
Just like everything, it can be overengineered. The concepts
aren't awful, though. The stuff I've been doing with fargo
uses a subset of XML - which should work through an XML parser
but that only uses a minimum of tags, etc. The reality of the
matter is that you're going to need some kind of record delineation,
whether it's commas, newlines, attr=value, or whatever.
Otherwise you've got to crush everything into text and then have
a de-parser on the other side. Considered otherwise, that's
basically the same thing as doing a compression/decompression
process (only harder to implement!) on the data. In other words,
I don't think you can win this fight and the correct tool(s) to
make the problem go away are found in compression algorithms,
not in simpler (or more complex!) markup schemes.
mjr.
--- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Personal: http://www.ranum.com
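
The size argument in the message above, as an added example that is not part of the original post: it serializes the same constructed alert records as a minimal-tag XML subset, attr=value lines and CSV, then compares raw and zlib-compressed sizes. The field names, the sample values and the choice of zlib are assumptions.

```python
import random
import zlib
import xml.etree.ElementTree as ET

FIELDS = ("ts", "src", "dst", "port", "sig")  # assumed alert fields

def make_alerts(n=500, seed=1):
    """Constructed sample alerts (not real IDS output)."""
    rng = random.Random(seed)
    return [
        {
            "ts": str(1017333199 + i),
            "src": f"10.0.{i % 4}.{rng.randrange(256)}",
            "dst": f"192.168.1.{rng.randrange(16)}",
            "port": str(rng.choice([22, 25, 80, 443])),
            "sig": rng.choice(["portscan", "syn-flood", "cgi-probe"]),
        }
        for i in range(n)
    ]

def to_xml(alerts):
    # Minimal tag subset that a stock XML parser still accepts.
    rows = ("<alert>" + "".join(f"<{k}>{a[k]}</{k}>" for k in FIELDS) + "</alert>"
            for a in alerts)
    return ("<alerts>\n" + "\n".join(rows) + "\n</alerts>\n").encode()

def to_attr_value(alerts):
    return "".join(" ".join(f"{k}={a[k]}" for k in FIELDS) + "\n" for a in alerts).encode()

def to_csv(alerts):
    return "".join(",".join(a[k] for k in FIELDS) + "\n" for a in alerts).encode()

def measure(alerts):
    """Return {format: (raw_bytes, compressed_bytes)}."""
    encoded = {"xml": to_xml(alerts), "attr=value": to_attr_value(alerts),
               "csv": to_csv(alerts)}
    return {name: (len(b), len(zlib.compress(b, 9))) for name, b in encoded.items()}

def roundtrip_xml(alerts):
    """Compress, decompress, then parse with a standard XML parser."""
    blob = zlib.decompress(zlib.compress(to_xml(alerts), 9))
    return [{f.tag: f.text for f in rec} for rec in ET.fromstring(blob)]

if __name__ == "__main__":
    for name, (raw, packed) in measure(make_alerts()).items():
        print(f"{name:11s} raw={raw:6d}  zlib={packed:6d}")
```

The repeated tags are what a dictionary compressor removes first, so the gap between the verbose and terse encodings narrows sharply once both are compressed.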