IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
|Tags||Internet Log Analysis Security Monitoring Networking Firewalls Systems Administration|
|Operating Systems||Windows POSIX Unix|
|Implementation||Perl SQL Unix Shell|
Release Notes: ipfc-1.0.4 features the introduction of Object Orientation. There are classes for Events, EventGroups, and LogUnits, as well as database interaction. All log-parsing is now performed using classes with a standard interface. Two correlation modules were added: Simple, which tries to correlate everything, and WithContext which is context-dependent.
Release Notes: This release has preliminary support for security advisory processing. It also contains a new unified logging system, and various frontend fixes. Basic alerting functionality has been added.
Release Notes: IPFC can now use and generate HMAC-SHA1 authenticated XML messages. A "mon" wrapper was added. Some bugs were corrected.
Release Notes: The XML data transport format has been changed to be more space-efficient. "Transport" types were added, which decouple the message transport mechanism from the applicative content of the message. (Think of apache logs sent through syslog).
No changes have been submitted for this release.