I have placed the following file available for download which is a syslog listener which dumps the messages in a database stripped in...

1. Timestamp
2. Source IP address
3. Message

... and then dumped to a fairly high-speed ISAM database:

http://www.sacs.co.za/Download/SACSsyslogd.zip

When the application is started for the first time the syslog.dat and syslog.idx will be created. When the application is active it has a listener which intercepts syslog (514/UDP) and dumps it in the database.

This application is a work in progress and the first step to a complete log collator with a database backend which will finally be a SQL92 compliant database which can handle large scale systems. I am placing it on the list to get just some feedback and pointers on what users would like to see.

I have the following attributes, which is one of the deliverables.

Listener and log collator for:
- syslog messages
- SNMP traps
- Windows NT event logs
- Firewall logs

Features
- UDP and TCP receivers for low overhead and guaranteed delivery
- Reports printed to PDF (without Adobe), HTML, XLS...
- Runs on Windows NT/2000/XP

Objective (Final)
- Scalable high speed and high performance log collator - at least 1000 concurrent connections
- High protocol throughput using multi threaded daemons
- Multiple agents forwarding to central log collator

Please note this is an alpha release and changes will be frequent and depending on testing and feedback. Suggestions are welcome...

Best Regards
Mervin Pearce (CISA, CISSP)
Security Audit and Control Solutions
http://www.sacs.co.za
mervinat_private

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Aug 27 2003 - 18:54:49 PDT
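The collector described in the post (a 514/UDP listener that stores timestamp, source IP and message) in miniature, as an added example that is not the SACSsyslogd code: it decodes the BSD syslog PRI field as well, neutralises embedded line breaks before storage, and writes to SQLite instead of the ISAM files. The sample datagrams and the table layout are constructed for the example.

```python
import re
import socket
import sqlite3
from datetime import datetime, timezone

# BSD syslog datagrams start with "<PRI>" where PRI = facility*8 + severity (0..191).
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_datagram(data: bytes, src_ip: str, now=None) -> dict:
    """Turn one raw UDP datagram into the flat record the collector stores."""
    now = now or datetime.now(timezone.utc)
    m = PRI_RE.match(data)
    if m and int(m.group(1)) <= 191:
        pri, body = int(m.group(1)), data[m.end():]
    else:
        pri, body = 13, data  # missing/invalid PRI: treat as user.notice (RFC 3164 default)
    # A sender controls the message text; flatten CR/LF so one datagram cannot
    # forge extra log lines in text or HTML reports built from the database.
    msg = body.decode("utf-8", errors="replace").replace("\r", " ").replace("\n", " ").strip()
    return {"timestamp": now.isoformat(), "source_ip": src_ip,
            "facility": pri // 8, "severity": pri % 8, "message": msg[:2048]}

def open_store(path=":memory:"):
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS syslog (ts TEXT, src TEXT, facility INT, severity INT, msg TEXT)")
    con.execute("CREATE INDEX IF NOT EXISTS ix_syslog_ts ON syslog(ts)")  # reports query by time
    return con

def store(con, rec):
    con.execute("INSERT INTO syslog VALUES (?,?,?,?,?)",
                (rec["timestamp"], rec["source_ip"], rec["facility"], rec["severity"], rec["message"]))
    con.commit()

def count_by_severity(con, severity):
    return con.execute("SELECT COUNT(*) FROM syslog WHERE severity=?", (severity,)).fetchone()[0]

# Constructed sample traffic: (datagram bytes, source address) as recvfrom() would return it.
SAMPLES = [(b"<34>Oct 11 22:14:15 fw1 sshd[42]: Failed password for root", "192.0.2.10"),
           (b"no pri\nhere", "192.0.2.11")]

def load_samples(con=None):
    con = con or open_store()
    for data, ip in SAMPLES:
        store(con, parse_datagram(data, ip))
    return con

def serve(con, bind="0.0.0.0", port=514):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))  # binding 514 needs administrative privileges
    while True:
        data, (ip, _) = sock.recvfrom(65535)
        store(con, parse_datagram(data, ip))

if __name__ == "__main__":
    serve(open_store("syslog.db"))
```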