
devialog 0.9.0

devialog 0.9.0 Ranking & Summary

File size: 0.018 MB
Platform: Any Platform
License: GPL (GNU General Public License)
Downloads: 841
Date added: 2007-07-09
Publisher: Jeff Yestrumskas

devialog 0.9.0 description

devialog is a syslog anomaly detection system.
Main features:
- Is a behavior/anomaly/signature-based syslog intrusion detection system
- Detects new unknown attacks via anomalies in syslog
- Fits comfortably in heterogeneous Unix/Linux/*BSD environments at the core of a central syslog server
- Generates its own signatures
- Can email anomalies to administrators, with the generated signatures included so that similar future events can be ignored
Present log-based IDS:
Nearly all present log-based intrusion detection systems operate using a pre-defined known signature base, usually painstakingly created by hand. They can work well if the creator knows exactly all error and informational messages the software on their systems will write to syslog. Most overworked administrators wish there was an easier way to handle system logfiles in a sane, time-saving fashion. Present log-based intrusion detection systems have difficulty in detecting new attacks.
How devialog Differs:
devialog makes syslog parsing far less of a chore than it previously has been. It is functionally the inverse of standard log monitoring software: by default, devialog reports on what is not known in its signature base, i.e. what is anomalous. This type of intrusion detection system is considered behavior-based, or anomaly detection. Reporting can be in the form of an email for each anomalous log, or an email for all the logs sent within a pre-defined time window. devialog can also execute commands, or simply write all anomalies to a file for periodic review.
Signature Creation:
For log-based anomaly detection to operate effectively, one must create an extremely large signature base. With an included utility, devialogsig, the signatures are created automatically. Future signature additions are as simple as a cut and paste from the alert email.
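Added illustration, not devialog's own code (devialog is a Perl script): a small Python sketch of the workflow described under "How devialog Differs" and "Signature Creation", where signatures are generated from known-good log lines and only lines no signature explains are reported. The sample syslog lines, the field-generalisation rules (numbers and IPv4 addresses become wildcards, everything else stays literal) and all function names are constructed assumptions, not taken from devialogsig.

```python
import re

# Constructed sample syslog lines in the classic BSD layout; not from the devialog page.
TRAINING_LOGS = [
    "Jul  9 10:15:01 web1 sshd[2231]: Accepted publickey for alice from 10.0.0.5 port 51422 ssh2",
    "Jul  9 10:16:44 web1 sshd[2240]: Accepted publickey for bob from 10.0.0.7 port 51490 ssh2",
    "Jul  9 10:17:02 web1 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)",
]
NEW_LOGS = [
    "Jul  9 11:02:13 web1 sshd[2399]: Accepted publickey for alice from 10.0.0.9 port 40100 ssh2",
    "Jul  9 11:03:55 web1 sshd[2410]: Failed password for invalid user admin from 203.0.113.4 port 3391 ssh2",
    "Jul  9 11:04:00 web1 CRON[2500]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jul  9 11:05:12 web1 kernel: Out of memory: Kill process 2222 (httpd)",
]

# "Mon DD HH:MM:SS host program[pid]: message" -> (program, message)
HEADER = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+([^\s\[:]+)(?:\[\d+\])?:\s*(.*)$")
HEADER_SIG = r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+"


def make_signature(line: str) -> str:
    """Turn one log line into a regex: program name stays fixed, volatile fields widen."""
    m = HEADER.match(line)
    if not m:
        return "^" + re.escape(line) + "$"  # unparseable line: match it literally only
    prog, msg = m.groups()
    parts = []
    for tok in msg.split():
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", tok):
            parts.append(r"\d+\.\d+\.\d+\.\d+")  # any IPv4 address
        elif re.fullmatch(r"\d+", tok):
            parts.append(r"\d+")  # any port, pid, counter
        else:
            parts.append(re.escape(tok))  # keep words exact, as the page says ("more exact")
    return HEADER_SIG + re.escape(prog) + r"(?:\[\d+\])?:\s*" + r"\s+".join(parts) + "$"


def build_signature_base(lines):
    """devialogsig-style bulk generation: one compiled regex per distinct signature."""
    sigs = {}
    for line in lines:
        sig = make_signature(line)
        sigs.setdefault(sig, re.compile(sig))
    return list(sigs.values())


def find_anomalies(lines, signatures):
    """The inverse of classic log matching: return only lines no signature covers."""
    return [ln for ln in lines if not any(s.match(ln) for s in signatures)]


def alert_with_signatures(lines, signatures):
    """Alert payload: each anomaly paired with a ready-to-paste signature for the base."""
    return [(ln, make_signature(ln)) for ln in find_anomalies(lines, signatures)]
```

Pasting the signatures returned by alert_with_signatures into the base silences those messages next time, which is the cut-and-paste loop the description refers to.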
Usage: devialog.pl [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
The following single-character options are accepted:
With arguments: -c
Boolean (without arguments): -d -h -v
Enhancements:
- Bug fixes include better handling of lines with some special characters.
- A timing error was fixed within alert generation: sometimes alerts would be sent inadvertently based on the timing of a new log arriving as an alert was sent out in specific high-volume log situations.
- Altered signature generation creates more exact regular expressions.
