9. Version history


In this chapter, I will detail the changes present in each incarnation of LogIDS so far, so you can keep track of its evolution.

LogIDS 1.0 Open Source : This is the first release of LogIDS, the barebones console upon which the other incarnations are built. It allows for a graphical network map to display logs, flexible filter and rule definitions, and on-the-fly log analysis.

LogIDS 1.0 Pro : This is the commercial twin of the version presented above, which contains some extra features, like automatic display of ComLog logs in a separate pop-up window, automatic analysis of Event Viewer and Snort logs, and automatic analysis of the extra logs produced by LogAgent 4.0 Pro.

LogIDS 2.0 Open Source : The only change from LogIDS 1.0 Open Source is the move of the directory logids\backup to logids\log\backup, for easier log storage and for compatibility when coupled with the LogAgent 5.0 BACKUP rule. Most of the code from LogIDS 1.0 Pro that made it to the Open Source world is now part of the SIDTk 1.0.

LogIDS 2.0 Pro : Items removed and placed in either the SIDTk 1.0 or LogAgent 5.0 Pro: analysis code for the extra logs from LogAgent 4.0 (SIDTk), automated analysis of Snort logs (LA5Pro). Items added or modified since LogIDS 1.0 Pro: an improved rule matching algorithm for better performance, availability of bigger viewing windows by clicking on the button (action icon) beside the regular viewing window of a network item, and distributed analysis when used with LogAgent 5.0 Pro.
