
LogAgent 2.1, log file recollection tool
by Floydman


Computer Security researcher
[email protected]
August 13th 2002

This paper is available online at www.geocities.com/floydian_99 and securit.iquebec.com

This paper can be freely distributed and reproduced, as long as proper credit is maintained and no modifications are made to this file. For corrections, suggestions or comments, please send me an e-mail.

Abstract

The goal of this paper is to present LogAgent 2.1, a tool written in Perl for collecting log files from various applications on various machines into a central location in (almost) real time, in order to improve the administrator's awareness of what is happening on the network.

Preface

It has been mentioned many times, by me and by others, that centralizing log files is crucial to network administration if we take security seriously. These log files may be produced by antivirus engines, personal firewalls, download managers, or even the command prompt history (using ComLog). When the time comes to choose computer security tools, one of the most important features should be the ability to centralize the information contained in their log files. Doing so gives administrators a quicker understanding of events and a better response, and it keeps the evidence out of reach of a potential intruder: someone who has compromised a machine can alter or delete the logs stored on it, but not the copies that have already been sent elsewhere.

Because of this, otherwise good products can be overlooked simply because they lack this single feature. Sometimes this leads to purchasing a product that offers (and sells) many other features that are not really needed, or products that are not as flexible as desired when the time comes to make them work in your environment. To resolve this, I programmed LogAgent, now at version 2.1: an agent that you run on all your Windows machines to monitor the log files of various unrelated applications and to forward any new input written to these files to one or more central locations (a shared directory on one of your servers or on an admin station).
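The core of such an agent is simple: remember how much of each monitored file has already been forwarded, read only what was appended since the last poll, and append those lines to a per-host copy in each central location. The following is an added Python sketch of that loop; it is not the paper's Perl code and not LogAgent's own logic. The class and function names, the hostname prefix on the central file name, and the antivirus log lines in the demo are all constructed for illustration. It handles the two cases a naive tail forgets: a line that has been written only partially when the poll happens, and a log that has been truncated or replaced (by rotation, or by an intruder wiping it), in which case the agent starts over from the beginning of the new file.

```python
"""Minimal log-forwarding agent in the spirit of LogAgent (added example)."""
import os
import socket
from dataclasses import dataclass, field


@dataclass
class Agent:
    """Forwards new lines from monitored log files to one or more central directories.

    targets: destination directories (the "central locations" of the paper).
    host:    prefix for the central copy, so copies from many machines do not collide.
    """
    targets: list
    host: str = field(default_factory=socket.gethostname)
    offsets: dict = field(default_factory=dict)   # path -> bytes already consumed
    partial: dict = field(default_factory=dict)   # path -> trailing bytes with no newline yet

    def poll(self, path):
        """Return the complete new lines appended to `path` since the last poll.

        A file that is smaller than the last recorded offset has been truncated or
        replaced, so it is re-read from the start. A trailing fragment without a
        newline is kept back until the rest of the line arrives.
        """
        try:
            size = os.path.getsize(path)
        except FileNotFoundError:
            return []                         # not there yet (or rotated away); try later
        pos = self.offsets.get(path, 0)
        if size < pos:                        # truncated or rotated: start over
            pos = 0
            self.partial[path] = b""
        if size == pos:
            return []                         # nothing new
        with open(path, "rb") as fh:
            fh.seek(pos)
            data = fh.read(size - pos)
        self.offsets[path] = pos + len(data)
        buf = self.partial.get(path, b"") + data
        lines = buf.split(b"\n")
        self.partial[path] = lines.pop()      # last element is an incomplete line (or b"")
        return [line.rstrip(b"\r").decode("latin-1") for line in lines]

    def forward(self, path):
        """Append the new lines of `path` to every target; return how many were sent."""
        lines = self.poll(path)
        if not lines:
            return 0
        name = f"{self.host}_{os.path.basename(path)}"   # e.g. ws01_av.log
        for target in self.targets:
            os.makedirs(target, exist_ok=True)
            with open(os.path.join(target, name), "a", encoding="utf-8") as out:
                for line in lines:
                    out.write(line + "\n")
        return len(lines)


def demo():
    """Constructed scenario (not real logs): an antivirus log grows, then is truncated."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        log = os.path.join(tmp, "av.log")
        central = os.path.join(tmp, "central")
        agent = Agent([central], host="ws01")
        with open(log, "wb") as fh:           # second line is still being written
            fh.write(b"10:00:01 scan started\r\n10:00:02 found EICAR in c:\\tmp\\x.com")
        first = agent.forward(log)            # 1 line; the fragment is held back
        with open(log, "ab") as fh:
            fh.write(b"\r\n10:00:03 quarantined\r\n")
        second = agent.forward(log)           # completed fragment + 1 new line = 2
        with open(log, "wb") as fh:           # log truncated (rotation or tampering)
            fh.write(b"10:05:00 scan started\r\n")
        third = agent.forward(log)            # offset reset, 1 line from the new file
        with open(os.path.join(central, "ws01_av.log"), encoding="utf-8") as fh:
            copy = fh.read().splitlines()
    return {"first": first, "second": second, "third": third, "copy": copy}


if __name__ == "__main__":
    print(demo())
```

Two caveats when running something like this for real. A file replaced by another of equal or greater size is indistinguishable from normal growth by size alone, so a production agent should also watch for a change in modification time or file identity. And the central share must not be writable in the ordinary sense by the accounts on the monitored machines, or an intruder there can tamper with the copies as easily as with the originals; grant append-only (or write-only) access to the agent and keep read and delete rights for the administrators.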

Targeted audience

This document is presented to anyone interested in computer security, NT/2K administration, computer monitoring, intrusion detection, Perl programming and computing in general.

Table of contents

1. What is LogAgent?
2. History behind LogAgent
3. Version History
4. Known issues
5. To install
6. Source code
7. Sample config.txt
8. Sample mondir.txt
