- Compatibility with the "legacy" logging facilities and facility/severity codes of current UNIX implementations;
- The ability to apply pre-written message parsing templates to messages, akin to the "distillation" process used by Lire (http://www.logreport.org/) but performed in real time;
- The ability to identify and report messages which were not parsed (possibly indicating an obsolete template and/or a software problem);
- The ability to access all information associated with a log message and the process that generated it, including the identity of the program, effective user and group ids, facility and severity codes, point of origin (if not on the local system), etc.;
- Accumulation of statistics (e.g. the number of e-mail messages received from a specific user or IP address) for use in rules;
- The ability to correlate log messages and statistics produced by different applications, e.g. a POP server and an SMTP server;
- The ability to generate one or more periodically refreshed displays (e.g. bar graphs) based on log statistics;
- The ability to query external databases such as DNS blacklists;
- The ability to maintain, save, and restore internal databases (e.g. of blocked hosts and the times at which they were blocked) and report their contents at runtime;
- The ability to "fire" rules at specific times or intervals as well as in response to messages;
- The ability to send log messages to, and accept them on or from, arbitrary UDP or TCP ports;
- The ability to log to another machine via an encrypted connection (e.g. through SSH or SSL);
- Stronger authentication than that implemented in current versions of syslogd (most of which rely only on the source IP address and port number, which the sender of a UDP datagram can forge);
- Flexible notification facilities, including the ability to send notices via e-mail, pager, IRC, and instant messaging systems;
- The ability to issue commands to firewalls, routers, bridges, managed hubs, and remote power controllers; and
- The ability to allow or deny users access to facilities (e.g. by changing group memberships, changing a user's login shell to a non-login shell such as /sbin/nologin, or removing and restoring passwords).
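The parsing, unparsed-message reporting, statistics, cross-application correlation and blocked-host database requirements above can be tried out in a few dozen lines. The following is an added example written for this page, not code from the original document or from any logging product it mentions. The BSD syslog envelope and the PRI facility/severity encoding are the standard ones; the pop3d and smtpd message formats, the POP-before-SMTP relay rule, the 30-minute grace window, the three-attempt block threshold and the sample log lines are all assumptions constructed for illustration.

```python
"""Added example (not part of the original page): a minimal real-time syslog
analyser that decodes PRI into facility/severity, applies per-program parsing
templates, reports lines no template matched, keeps per-address statistics,
correlates POP logins with SMTP relay requests (POP-before-SMTP), keeps a
blocked-host database with block times, and expires it from a timer rule.
Message formats, thresholds and sample lines are assumed, not any product's."""
import re
from collections import Counter
from datetime import datetime, timedelta

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD syslog envelope: <PRI>Mmm dd hh:mm:ss host prog[pid]: message
ENVELOPE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# Per-program message templates (assumed formats, not real daemon output).
TEMPLATES = {
    "pop3d": re.compile(r"^LOGIN, user=(?P<user>\S+), ip=\[(?P<ip>[\d.]+)\]$"),
    "smtpd": re.compile(r"^relay request from=<(?P<sender>[^>]*)> ip=\[(?P<ip>[\d.]+)\]$"),
}

POP_WINDOW = timedelta(minutes=30)  # assumed: POP login authorises relaying for 30 min
RELAY_LIMIT = 3                     # assumed: unauthorised relay attempts before blocking
YEAR = 2024                         # BSD timestamps carry no year; assume one

def decode_pri(pri):
    """Split the PRI value into (facility, severity) names."""
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def parse_ts(ts):
    """Parse 'Mmm dd hh:mm:ss' into a datetime using the assumed year."""
    return datetime.strptime(f"{YEAR} {ts}", "%Y %b %d %H:%M:%S")

def parse(line):
    """Return (envelope, fields); fields is None when no template matched.
    Returns None when the line is not a valid syslog envelope at all."""
    m = ENVELOPE.match(line)
    if not m or int(m["pri"]) > 191:      # 191 is the largest legal PRI
        return None
    env = m.groupdict()
    env["facility"], env["severity"] = decode_pri(int(env["pri"]))
    env["time"] = parse_ts(env["ts"])
    tmpl = TEMPLATES.get(env["prog"])
    t = tmpl.match(env["msg"]) if tmpl else None
    return env, (t.groupdict() if t else None)

class Analyser:
    def __init__(self):
        self.unparsed = []      # lines with no envelope or no matching template
        self.stats = Counter()  # (counter name, key) -> count, usable by rules
        self.pop_logins = {}    # ip -> time of most recent POP login
        self.blocked = {}       # ip -> time blocked (the saveable/restorable db)
        self.alerts = []        # notifications a real system would send out

    def feed(self, line):
        parsed = parse(line)
        if parsed is None or parsed[1] is None:
            self.unparsed.append(line)   # report: obsolete template or odd input
            return
        env, fields = parsed
        if env["prog"] == "pop3d":
            self.pop_logins[fields["ip"]] = env["time"]
            self.stats[("pop_login", fields["user"])] += 1
        elif env["prog"] == "smtpd":
            ip = fields["ip"]
            self.stats[("smtp_from", ip)] += 1
            last = self.pop_logins.get(ip)
            # Correlation rule: relaying is allowed only shortly after a POP login.
            if last is None or env["time"] - last > POP_WINDOW:
                self.stats[("unauth_relay", ip)] += 1
                if self.stats[("unauth_relay", ip)] >= RELAY_LIMIT and ip not in self.blocked:
                    self.blocked[ip] = env["time"]
                    self.alerts.append(f"block {ip} ({env['facility']}.{env['severity']})")

    def expire_blocks(self, now, ttl=timedelta(hours=1)):
        """Timer-fired rule: drop blocks older than ttl; returns the unblocked IPs."""
        expired = [ip for ip, t in self.blocked.items() if now - t > ttl]
        for ip in expired:
            del self.blocked[ip]
        return expired

# Constructed sample input; addresses are from documentation ranges.
SAMPLE = [
    "<38>Mar 12 10:00:01 mx1 pop3d[311]: LOGIN, user=alice, ip=[192.0.2.10]",
    "<22>Mar 12 10:05:00 mx1 smtpd[412]: relay request from=<alice@example.com> ip=[192.0.2.10]",
    "<22>Mar 12 10:06:00 mx1 smtpd[412]: relay request from=<spam@example.net> ip=[198.51.100.7]",
    "<22>Mar 12 10:06:05 mx1 smtpd[412]: relay request from=<spam@example.net> ip=[198.51.100.7]",
    "<22>Mar 12 10:06:09 mx1 smtpd[412]: relay request from=<spam@example.net> ip=[198.51.100.7]",
    "<22>Mar 12 10:07:00 mx1 smtpd[412]: client 203.0.113.9 disconnected",
    "not a syslog line at all",
]

def run(lines=SAMPLE):
    """Feed every line through one Analyser and return it for inspection."""
    a = Analyser()
    for line in lines:
        a.feed(line)
    return a

if __name__ == "__main__":
    a = run()
    print("alerts:", a.alerts)
    print("blocked:", a.blocked)
    print("unparsed:", a.unparsed)
```

Running it on the sample blocks 198.51.100.7 after its third relay request with no preceding POP login, leaves 192.0.2.10 alone because its relay request follows a POP login within the window, and lists two unparsed lines: the smtpd disconnect message for which no template exists (exactly the "obsolete template" case the list asks to report) and the line that is not syslog at all. A later timer tick calling `expire_blocks` lifts the block once it is older than the TTL.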