
Netlog is no longer being maintained. The source code and all information on Netlog is still available below.
Netlog is a set of intrusion detection network monitoring tools. The tool contains both a TCP and UDP traffic logging system. Also included is the Netwatch tool which monitors certain TCP/IP services for activity that indicates possible intruder presence. It is intended not only as a generic intrusion scanner, but also as a complement to the drawbridge filter package.
The following programs are included:
tcplogger - Log all TCP connections on a subnet
udplogger - Log all UDP sessions on a subnet
extract - Process log files created by tcplogger or udplogger
netwatch - Realtime network monitor

All three programs require an ANSI C compiler. Tcplogger and udplogger use the SunOS 4.x Network Interface Tap (nit) or the SunOS 5.x Data Link Provider Interface (DLPI).
To build the programs:
- Edit the Makefile to select for SunOS 4.x or SunOS 5.x (Solaris)
- Enter 'make'
You will end up with binaries in the 'bin' directory.
If you are using 'gcc', do not turn on optimization for tcplogger or udplogger. Also, if 'fix-includes' was not run, then you must use the '-traditional' flag. To be safe, use it anyway.
The latest versions of these programs (sans netwatch) are available from:
www.net.tamu.edu/ftp/security/TAMU