This paper can be freely distributed and reproduced, as long as correct credentials are maintained and no modifications are made to this file. For corrections, suggestions or comments, please send me an e-mail.
You can find it online at
http://securit.iquebec.com
The goal of this paper is to present LogIDS 2.0, a graphical console program written in Perl for analyzing application logs in real time in order to detect illicit activity and stop intrusion attempts on the spot. It does this by analyzing a variety of log files; one of LogIDS's strengths is its easy customization and the fact that it tries to be as vendor-independent as possible, even though it is perfectly suited to work with LogAgent 5.0 for collecting and centralising your logs for LogIDS. The use of the SécurIT Intrusion Detection Toolkit (SIDTk) 1.0 also enhances LogIDS's capabilities at detecting intrusions. For each log file you want to monitor with LogIDS, you specify the value of each field and set rules that trigger on conditions placed on these fields; the output is displayed in a graphical representation of your network map for easier understanding of the "big picture" when the sky seems to be falling. LogIDS Pro has an improved rule-matching algorithm for better performance, and the icons on the network map are actually buttons that pop up a bigger viewing window for the host or subnet concerned. LogIDS 2.0 also benefits from distributed log analysis when used with LogAgent 5.0 Pro.
I would like to thank those who believed in me for providing the support I needed to complete this project. I would also like to thank those who did not believe in me for providing me with a reason to keep working on it.
This document is presented to anyone who has an interest in computer security, intrusion detection, antivirus, firewalls, forensics, NT/2K administration, computer and network monitoring, Perl programming and computing in general.