IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.

| Tags | Internet, Log Analysis, Security, Monitoring, Networking, Firewalls, Systems Administration |
|---|---|
| Licenses | GPL |
| Operating Systems | Windows, POSIX, Unix |
| Implementation | Perl, SQL, Unix Shell |

Recent releases


Changes: ipfc-1.0.4 features the introduction of Object Orientation. There are classes for Events, EventGroups, and LogUnits, as well as database interaction. All log parsing is now performed using classes with a standard interface. Two correlation modules were added: Simple, which tries to correlate everything, and WithContext, which is context-dependent.


Changes: This release has preliminary support for security advisory processing. It also contains a new unified logging system, and various frontend fixes. Basic alerting functionality has been added.


Changes: IPFC can now use and generate HMAC-SHA1 authenticated XML messages. A "mon" wrapper was added. Some bugs were corrected.


Changes: The XML data transport format has been changed to be more space-efficient. "Transport" types were added, which decouple the message transport mechanism from the applicative content of the message (think of Apache logs sent through syslog).


No changes have been submitted for this release.