Sorry for the repost, but one of the list moderators asked for only a summary, so I thought the other lists might be the same. You can get the full paper at one of my websites.

LogAgent 2.1, log file recollection tool
By Floydman, floydian_99at_private
August 11th, 2002

This paper is available online at www.geocities.com/floydian_99 and http://securit.iquebec.com

This paper can be freely distributed and reproduced, as long as correct credentials are maintained, and no modifications are made to this file. For corrections, suggestions or comments, please send me an e-mail.

Abstract

The goal of this paper is to present LogAgent 2.1, a tool written in Perl for recollecting log files from various applications and various machines into a central location in (almost) real time, in order to improve the administrator's awareness of network activity.

Preface

It has been mentioned many times, by me and by others, that centralization of log files is crucial in network administration if we take security seriously. These log files could be produced by antivirus engines, personal firewalls, download managers, or even the command prompt history (using ComLog). When the time comes to choose computer security tools, one of the most important features should be the ability to centralize the information contained in the log files. This allows for quicker understanding and better response from the admins, and it prevents the evidence from being tampered with by a potential intruder. Because of this, otherwise good products could be overlooked simply because they fail to provide this single feature, and sometimes this leads to purchasing a product that offers (and sells) many other features that are not necessarily needed, or products that are not as flexible as desired when the time comes to make them work in your environment.

In order to resolve this, I programmed LogAgent, now at version 2.1, which is an agent that you can run on all your Windows machines to monitor the log files of various unrelated applications and to redirect any new input made to these files to one or many central locations (a shared directory on one of your servers or admin station).

Targeted audience

This document is presented to anyone who has an interest in computer security, NT/2K administration, computer monitoring, intrusion detection, Perl programming and computing in general.

Table of contents

1. What is LogAgent?
2. History behind LogAgent
3. Version history
4. Known issues
5. To install
6. Source code
7. Sample config.txt
8. Sample mondir.txt

1. What is LogAgent?

LogAgent is a piece of software written in Perl designed to monitor ASCII log files and redirect any change made to them to a central location. The purpose of this is to add flexibility to some security (or other) applications in the choice of destination folder for the log files. The ability to specify your own destination folder for log files could be a crucial requirement in your specification for security software, and good products can be overlooked simply because they lack this single feature. LogAgent tries to fill that gap by monitoring the log files on the local machine, and then redirecting any new line appended to them to the destination of your choice, either another folder on the same machine or a remote server for network-wide log file centralization.
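LogAgent's own Perl source is not part of this summary. As an added illustration (not the tool's code), the following Python sketch shows the core loop the paper describes: remember how far each monitored file has already been read, forward only complete newly appended lines to a central file tagged with host and source name, and start over from the top when the file is truncated or rotated. The file names, the tab-separated record format and the sample firewall lines are constructed for the demo.

```python
import os
import socket
import tempfile


def read_new_lines(path, state):
    """Return complete lines appended to `path` since the last call.
    `state` is {"offset": int, "partial": str}, kept per monitored file."""
    try:
        size = os.path.getsize(path)
    except OSError:
        return []                       # file missing (yet): retry next cycle
    if size < state["offset"]:          # file shrank: truncated or rotated
        state["offset"], state["partial"] = 0, ""
    with open(path, "rb") as fh:
        fh.seek(state["offset"])
        chunk = fh.read()
        state["offset"] = fh.tell()
    lines = (state["partial"] + chunk.decode("latin-1")).split("\n")
    state["partial"] = lines.pop()      # trailing piece with no newline yet
    return [line.rstrip("\r") for line in lines if line]


def forward(lines, dest_path, source, host=None):
    """Append lines to the central file, tagged with host and source name."""
    host = host or socket.gethostname()
    with open(dest_path, "a", encoding="utf-8") as out:
        for line in lines:
            out.write(f"{host}\t{source}\t{line}\n")
    return len(lines)


def demo():
    """Three collection cycles over a constructed log: a partial line,
    its completion, then a truncation.  Returns the central file's lines."""
    work = tempfile.mkdtemp()
    src, dest = os.path.join(work, "firewall.log"), os.path.join(work, "central.log")
    state = {"offset": 0, "partial": ""}
    with open(src, "w", newline="") as f:
        f.write("blocked 10.0.0.5:445\nallowed 10.0.0.9:80\npart")
    forward(read_new_lines(src, state), dest, "firewall", host="ws01")
    with open(src, "a", newline="") as f:
        f.write("ial line\n")
    forward(read_new_lines(src, state), dest, "firewall", host="ws01")
    with open(src, "w", newline="") as f:   # rotation: truncated and rewritten
        f.write("fresh\n")
    forward(read_new_lines(src, state), dest, "firewall", host="ws01")
    with open(dest, encoding="utf-8") as f:
        return f.read().splitlines()
```

A real agent would run `read_new_lines` and `forward` in a polling loop over every file listed in its configuration, with the destination on a share the monitored machine can only append to.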
This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 05:00:36 PDT