Log Agent, log file recollection tool
by Floydman


Bachelor in Computer Sciences
[email protected]
September 26th, 2000

You can distribute this document freely, as long as no changes are made to the file and no one else claims credit for it. All comments and suggestions about the material presented here should be directed at [email protected]. If future versions of this document include add-ons coming from people other than me, then the various authors will be clearly identified and properly credited. All version updates of this document are to be released by me.

You can find it online at http://www.geocities.com/floydian_99/

Abstract

The goal of this paper is to present a tool made in Perl for recollecting log files from various applications and various machines into a central location.

Preface

When the time comes to choose computer security tools, one of the most wanted features is the ability to centralize the information contained in the log files. Centralizing the logs also prevents the evidence from being tampered with by a potential intruder. Because of this, somewhat good products are overlooked when they fail to provide this single feature, and this sometimes leads to purchasing a product that offers (and sells) many features that are not necessarily needed, or products that are not as flexible as desired when the time comes to make them work in your environment. To resolve this, I programmed LogAgent 1.0, an agent that you can run on all your Windows machines to monitor the log files of various unrelated applications and to redirect any new input made to these files to a central location.

Targeted audience

This document is intended for anyone who has an interest in computer security, NT administration, computer monitoring, intrusion detection, Perl programming and computing in general.

Table of contents

1. About LogAgent
2. The source code
3. The experiment
4. Conclusion
