1. ALOIS Project Documentation
1.1. Purpose of this document
- This is the documentation for the ALOIS project. This document contains information on why ALOIS was created, how this was done, and gives hints on what ALOIS could become if developed further.
- As a result of the project, there is a software system called ALOIS, which is documented in a "Technical Documentation".
- For using ALOIS, please refer to the "User Documentation"
- How ALOIS is used in individual environments is described in documents belonging to those environments; these documents are not part of ALOIS or the ALOIS project.
2. Project Description
2.1. Starting Situation
ALOIS is made for
- receiving and storing event logs
- analyzing log events and generating alerts based on the analysis
- producing statistics and reports on the events.
2.1.1. Everything is an event, and can be logged
The inner workings of computer systems are series of events, be it incoming or outgoing e-mails, user logins, system messages, success or failure conditions. Most systems in modern computer networks are capable of producing logs for all these events, and for many more.
In default setups, logs are disabled, or they go unnoticed and are deleted on a regular basis. This is because logs only record what is happening anyhow, logs take up space, and maybe everything works fine, so why keep them? However, as soon as systems do fail, or even when there is doubt about their correct functioning, logs become very valuable. Determining system states and failure conditions is hardly possible without event logs.
Collecting logs centrally allows for coordinated storage and retrieval of these logs, and enables short- and long-term retrospective analysis. Their consolidation reduces the amount of log information spread among hosts and lowers the storage capacity requirements of individual hosts. A central copy also survives when the originating host is compromised or wiped: an intruder who clears the local log cannot reach the copy that has already been shipped. Analysing these logs by comparing selected event records from various sources allows the detection of major and distributed failures and failure paths. Logs are also a great source of statistics. So logs are, in effect, the real insight into the events inside computer systems.
2.2. Project Vision and Goals
- The ALOIS project aims at integrating the splendid Open Source Security Information Manager OSSIM with a Log Reception, Storage, Analysis and Reporting Tool, based on MySQL.
- ALOIS is Free Software and is GPL-licensed.
- As free software, ALOIS development is aimed at collaboration and integration of foreign work (as far as feasible and legal).
2.2.1. Receiving and storing the event logs
One of the ideas behind ALOIS is getting all of the event logs, filtering them and storing them centrally. This is the data "reaping" or data "collection" part.
2.2.2. Analyzing log events and generating alerts based on the analysis
- Generating filters
- Setting up alarms
2.2.3. Producing statistics and reports on the events.
- A picture says more than a thousand words. Events need to be presented graphically.
- Statistics are needed for the discovery of trends and system failures
- Alarming is necessary to inform those who can help.
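The three stages described in 2.2.1 to 2.2.3 (reaping and filtering, storing centrally, alerting, and producing statistics) are shown end to end below as an added example. This is illustrative code written for this page, not ALOIS code: it uses an in-memory SQLite database as a stand-in for the MySQL store the project is based on, the syslog-style lines are constructed sample input, and names such as `Event`, `is_cron_noise` and `failed_login_alerts` are hypothetical rather than ALOIS identifiers.

```python
"""Minimal reception -> filter -> store -> alert -> statistics pipeline.

Added example, not ALOIS code. SQLite (":memory:") stands in for the MySQL
store; the log lines below are constructed for the example.
"""
import re
import sqlite3
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample input in classic syslog line format:
# "Mon DD HH:MM:SS host program[pid]: message". The last line is deliberately
# malformed to show how unparsable input is handled.
SAMPLE_LOG = """\
Mar  1 10:00:01 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Mar  1 10:00:03 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
Mar  1 10:00:05 web1 sshd[2311]: Failed password for root from 203.0.113.7 port 50213 ssh2
Mar  1 10:00:09 web1 sshd[2315]: Accepted publickey for deploy from 198.51.100.2 port 41022 ssh2
Mar  1 10:00:10 mail1 postfix/smtpd[881]: connect from mx.example.net[192.0.2.10]
Mar  1 10:00:12 db1 kernel: EXT4-fs error (device sda1): ext4_find_entry: reading directory lblock 0
Mar  1 10:00:14 web1 CRON[2320]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:00:15 db1 sshd[4100]: Failed password for root from 203.0.113.7 port 50220 ssh2
web1: truncated line without a timestamp
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # first IPv4 in the message


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    prog: str
    pid: Optional[str]
    msg: str
    src_ip: Optional[str]  # extracted at ingest so the alarm rule can group on it


def parse_line(line: str) -> Optional[Event]:
    """Reception: turn one syslog line into an Event, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ip = IP_RE.search(m["msg"])
    return Event(m["ts"], m["host"], m["prog"], m["pid"], m["msg"], ip.group(1) if ip else None)


# A filter returns True when the event should be dropped before storage.
Filter = Callable[[Event], bool]


def is_cron_noise(ev: Event) -> bool:
    return ev.prog == "CRON"


def ingest(raw: str, filters: List[Filter]) -> Tuple[sqlite3.Connection, int, int]:
    """Reaping: parse, filter and store. Returns (connection, dropped, unparsed).

    Lines that do not parse are kept verbatim in a separate table rather than
    silently discarded: an unparsable line may be the most interesting one.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE events (ts TEXT, host TEXT, prog TEXT, pid TEXT, msg TEXT, src_ip TEXT)")
    con.execute("CREATE TABLE unparsed (raw TEXT)")
    dropped = unparsed = 0
    for line in raw.splitlines():
        ev = parse_line(line)
        if ev is None:
            con.execute("INSERT INTO unparsed VALUES (?)", (line,))
            unparsed += 1
        elif any(f(ev) for f in filters):
            dropped += 1
        else:
            con.execute("INSERT INTO events VALUES (?,?,?,?,?,?)",
                        (ev.ts, ev.host, ev.prog, ev.pid, ev.msg, ev.src_ip))
    con.commit()
    return con, dropped, unparsed


def failed_login_alerts(con: sqlite3.Connection, threshold: int = 3) -> List[Tuple[str, int, int]]:
    """Alarm rule: a single source IP with >= threshold failed SSH passwords,
    counted across all hosts (a per-host view would miss the spread attempt)."""
    return con.execute(
        "SELECT src_ip, COUNT(*), COUNT(DISTINCT host) FROM events "
        "WHERE prog = 'sshd' AND msg LIKE 'Failed password%' AND src_ip IS NOT NULL "
        "GROUP BY src_ip HAVING COUNT(*) >= ? ORDER BY COUNT(*) DESC",
        (threshold,),
    ).fetchall()


def events_per_host(con: sqlite3.Connection) -> Dict[str, int]:
    """Statistics: event volume per host, the raw material for trend charts."""
    return dict(con.execute("SELECT host, COUNT(*) FROM events GROUP BY host").fetchall())


def run(raw: str = SAMPLE_LOG) -> dict:
    con, dropped, unparsed = ingest(raw, [is_cron_noise])
    return {
        "stored": con.execute("SELECT COUNT(*) FROM events").fetchone()[0],
        "dropped": dropped,
        "unparsed": unparsed,
        "alerts": failed_login_alerts(con),
        "per_host": events_per_host(con),
    }


if __name__ == "__main__":
    print(run())
```

The alarm rule is written as a query over the central table on purpose: the brute-force attempt in the sample touches two hosts with only one or two failures each, so it is visible only after consolidation, which is the point made in 2.1.1.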
2.3. Strategy
3. Project Process
4. Milestones and Prereleases
5. Tools
6. Standards and Guidelines
7. Project Organisation
8. Project Plan
9. Quality Assurance
10. Risk Management
11. Configuration Management
12. Project Surroundings
13. Security