[TOOL] The Logging Project

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 24 Jul 2002 09:00:45 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  The Logging Project


The <http://condor.gmu.edu/~jason/logging/> Logging Project was born out
of a need for secure, centralized, fault-tolerant, real-time logging.
Monitoring several hosts is tedious and frustrating when logs are not
stored centrally. Syslog replacements do not suffice, because system logs
are only part of the package: web server, IDS and other
application-specific logs are of equal interest to the administrator.
Such replacements also seem like overkill because they often reinvent the
wheel and complicate what should be the simple task of logging messages.
TLP deals solely with the problem of gathering logs in a central place
securely. It attempts to deliver messages at all costs and will withstand
network outages and host failures (within reason).

TLP is a modularized and much improved rewrite of salt. Each separate
role salt performed was identified and implemented as a stand-alone
program. The collection of these tools provides a much more robust and
flexible architecture allowing for message selection, mutation, and

Supported Features:
 * TLSv1 between client and server (OpenSSL)
 * Monitor any text file in real time
 * Centralized logging to regular files (demux)
 * Centralized logging to syslog (syslate/stale/streamlog)
 * Firewall friendly
 * Message queuing when tunnel is offline (sptc)
 * Limited queue growth (sptc)
 * Fault tolerant flushing of queue when tunnel connection is resumed
 * Client authentication of server certificate (sptc)
 * Stateful monitoring of log files (stale)
 * Handles log rotation/truncation/removal gracefully (stale)
 * Tunnel data compression (bzip/gzip)
 * Message mutation/selection (grep/perl/awk)
 * Runs on several UNIX variants
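Two of the features above, stateful monitoring that survives log rotation and truncation (stale) and a queue that holds messages while the tunnel is down without growing without bound (sptc), are the parts of a central-logging client that most often go wrong. The following Python sketch is an added illustration of both mechanisms and is not TLP's code; it keys the tailer on (inode, byte offset) and uses a drop-oldest, fixed-capacity queue, both of which are assumptions about how such a client might behave rather than documented TLP behaviour. The file names and messages in run_demo() are constructed.

```python
import os
import tempfile
from collections import deque


class StatefulTailer:
    """Follow a file by (inode, offset); constructed illustration, not TLP's 'stale'."""

    def __init__(self, path, state=None):
        self.path = path
        self.inode = state["inode"] if state else None
        self.offset = state["offset"] if state else 0
        self.partial = ""  # an unterminated last line, held back until completed

    def poll(self):
        """Return the complete new lines written since the last poll."""
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return []  # file removed: keep state and wait for it to reappear
        if st.st_ino != self.inode:
            # First run, or rename-style rotation (new file under the same name).
            # Lines appended to the old file after our last poll are not recovered.
            self.inode, self.offset, self.partial = st.st_ino, 0, ""
        elif st.st_size < self.offset:
            # In-place truncation (copytruncate-style rotation): restart at 0.
            # A file that regrows past the old offset before we poll is not detected.
            self.offset, self.partial = 0, ""
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            data = f.read()
            self.offset = f.tell()
        parts = (self.partial + data.decode("utf-8", "replace")).split("\n")
        self.partial = parts.pop()  # '' when the data ended with a newline
        return parts

    def state(self):
        """What to persist so a restart resumes where it left off."""
        return {"inode": self.inode, "offset": self.offset}


class BoundedQueue:
    """Bounded hold-back queue for a down tunnel; drop-oldest policy is an assumption."""

    def __init__(self, capacity):
        self.q = deque(maxlen=capacity)  # appending to a full deque evicts the head
        self.dropped = 0

    def put(self, msg):
        if len(self.q) == self.q.maxlen:
            self.dropped += 1
        self.q.append(msg)

    def flush(self, send):
        """Deliver in order via send(msg) -> bool; stop at the first failure
        so the undelivered tail stays queued for the next attempt."""
        sent = 0
        while self.q and send(self.q[0]):
            self.q.popleft()
            sent += 1
        return sent


def write(path, mode, text):
    with open(path, mode) as f:
        f.write(text)


def run_demo():
    """Exercise tailer (append/truncate/rotate/restart) and queue (evict/partial flush)."""
    r = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.log")
        write(path, "w", "line1\nline2\npart")   # constructed; unterminated last line
        t = StatefulTailer(path)
        r["first"] = t.poll()                      # ['line1', 'line2']
        write(path, "a", "ial\nline4\n")
        r["second"] = t.poll()                     # ['partial', 'line4']
        write(path, "w", "after-trunc\n")          # copytruncate-style rotation
        r["after_truncate"] = t.poll()             # ['after-trunc']
        os.rename(path, path + ".1")               # rename-style rotation
        write(path, "w", "fresh\n")
        r["after_rotate"] = t.poll()               # ['fresh']
        t2 = StatefulTailer(path, t.state())       # simulated restart from saved state
        write(path, "a", "resumed\n")
        r["resumed"] = t2.poll()                   # ['resumed']
    q = BoundedQueue(capacity=3)
    for i in range(5):
        q.put(f"msg{i}")
    r["dropped"] = q.dropped                       # 2 (msg0 and msg1 evicted)
    r["flushed"] = q.flush(lambda m: m != "msg4")  # 2; tunnel "fails" on msg4
    r["remaining"] = list(q.q)                     # ['msg4']
    return r


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The persisted (inode, offset) pair is what lets a monitor resume after a restart without replaying or skipping lines, and the two rotation cases are deliberately distinguished: an inode change means a new file, a size smaller than the remembered offset means in-place truncation. The comments note the two windows this simple version cannot close (lines written to the old file just before a rename, and a truncated file that regrows past the old offset), which is why a production client such as the one the announcement describes needs more state than this.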


The tool can be downloaded from:

The information has been provided by <mailto:jason@condor.gmu.edu> Jason


