
GSoC 2015 Proposal: syslog-ng as a command line tool (mahmoodm2)

Mahmoud Mohammadi edited this page Mar 27, 2015 · 6 revisions

Introduction

The syslog-ng daemon is a well-known, highly scalable logging solution that is widely used to build centralized logging infrastructures. It can collect logs from different sources, apply filters and rules to the collected messages, and send them to different destinations, and all of this is supported on different platforms, which makes it the obvious choice for many system and network administrators. syslog-ng normally runs as a daemon, but there are situations in which a command-line tool that simulates the whole processing pipeline would be very useful. In these cases a syslog-ng user could inject log messages on standard input (the command line), have the rules or filters read from a configuration file applied to them, and see the results on standard output. This proposal aims at that goal.

Project Goals

The goal of this project is to implement a standalone command-line tool that reads log messages from the command line (stdin), processes them, and shows the results on the screen (stdout).

  • This command-line tool should expose the features of syslog-ng in command-line form.
  • It should be implemented in C/C++.
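As an added illustration (not part of this proposal or of syslog-ng's own code), a small Python model of the pipeline the tool is meant to expose: a stdin-style source, a filter built from level/facility/match conditions modelled on syslog-ng's filter keywords, and a stdout-style destination with an output template. The sample lines, the helper names and the choice of user.notice for a message without a PRI header are assumptions of this example.

```python
import re
import sys
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Standard syslog facility and severity names in numeric order (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
_PRI_RE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?(?P<rest>.*)$", re.S)

@dataclass
class LogMessage:
    facility: str
    severity: str
    text: str

def parse(line: str) -> LogMessage:
    """Decode the optional <PRI> prefix; a missing or out-of-range PRI is treated as user.notice (13)."""
    m = _PRI_RE.match(line.rstrip("\r\n"))
    pri = int(m.group("pri")) if m.group("pri") is not None else 13
    if pri > 191:
        pri = 13
    return LogMessage(FACILITIES[pri // 8], SEVERITIES[pri % 8], m.group("rest"))

def make_filter(level: Optional[str] = None, facility: Optional[str] = None,
                match: Optional[str] = None) -> Callable[[LogMessage], bool]:
    """Predicate modelled on syslog-ng's level(), facility() and match() filters, ANDed like one filter{} block.
    level is a threshold: keep messages at that severity or more urgent (hypothetical simplification)."""
    max_sev = SEVERITIES.index(level) if level else len(SEVERITIES) - 1
    pattern = re.compile(match) if match else None
    def keep(msg: LogMessage) -> bool:
        return (SEVERITIES.index(msg.severity) <= max_sev
                and (facility is None or msg.facility == facility)
                and (pattern is None or pattern.search(msg.text) is not None))
    return keep

def run(lines: Iterable[str], keep: Callable[[LogMessage], bool],
        template: str = "{facility}.{severity}: {text}") -> List[str]:
    """stdin-style source -> filter -> stdout-style destination: one formatted line per accepted message."""
    return [template.format(**vars(msg)) for msg in map(parse, lines) if keep(msg)]

# Constructed sample input (not real logs): an auth error, a cron info line and a line without a PRI header.
SAMPLE_LINES = [
    "<35>Mar 27 10:00:00 host sshd[1]: Failed password for root",
    "<78>Mar 27 10:00:01 host CRON[2]: (root) CMD (run-parts)",
    "no PRI header here",
]
if __name__ == "__main__":  # e.g. printf '<35>...\n' | python3 pipeline.py
    print("\n".join(run(sys.stdin, make_filter(level="err"))))
```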

Advantages for me

I have had the experience of contributing to the development of a SIEM tool for collecting logs from IDSs and sending them to a central processing unit for correlation using syslog and IDMEF. During that project I got familiar with syslog-ng and its capabilities, and now with this project I can significantly improve my knowledge and skills and contribute to a project which is used much more widely. This can also improve my skills in C/C++ programming by building a reliable and efficient tool.

Implementation

To implement this project my first preferred IDE is Eclipse (I currently use it for Java/JSP/Servlet and plug-in development for Eclipse). One of the challenging parts of the project would be the unit testing phase, to cover as many as possible of the different conditions a command line tool would encounter.

Timeline

  • May (2 weeks):
    * Reading and reviewing the syslog-ng documentation, architecture and configuration file
    * Getting familiar with the syslog-ng code structure, main classes, data types, log pipelines, source/destination drivers, log structure and the route of a log message
    * Compiling the source code and getting familiar with some useful libraries and components, such as the parsers
    * Discussing with the project mentors the more detailed scope, deliverables and functionalities of the project
    * Preparing a more detailed task list, deliverables and schedule for the project
  • May-June (3 weeks):
    * Designing a standalone application with basic syslog-ng functionality; the plug-in skeleton can be used here to figure out how a daemon-style system could be used as a command line tool. Also revisiting the syslog-ng configuration file and the basics of flow control, the different source/destination drivers and the parsing mechanisms.
    * Implementing the basic standalone application features (implementing the stdin source and stdout destination, source/destination drivers). Because stdin is controlled by the user, a synchronization mechanism (fetch, control window or FIFO size, ...) may be required to ensure that no or minimal loss of information happens.
    * Writing and running the unit tests and fixing bugs
    * Getting feedback from the mentor and redefining and modifying the details of the next phase
  • June-July (5-6 weeks):
    * Designing the remaining functionality of the system (processing the filters and rules and other features of syslog-ng, including patterndb and the more complex features of the configuration file) and the test scenarios
    * Implementing the system to cover more configuration file parameters (based on the scope of the system) and the designed test scenarios
    * Writing and running the test cases and unit tests and fixing the bugs
    * Getting feedback from the mentor and redefining and modifying the remaining details
  • July-August (2-3 weeks):
    * Integrating all the code, some code modifications and fixing bugs
    * Revisiting all the code and annotating important or hard-to-understand code
    * Applying some code polishing
    * Deployment

Availability

I will be able to commit 20-30 hours per week in May, and 40 (or even more if required) hours per week from June to August. I don't have an internship.

About me

I am a graduate student pursuing the software and information systems major at the University of North Carolina at Charlotte (UNCC) and expect to graduate in 2017. I am also one of the contributors to the OWASP ASIDE project, an open source project on interactive static analysis that helps developers find and remove security bugs during development. I have years of experience developing software in different areas in different languages such as Java and C#. I mainly use Mac OS X and Ubuntu. I have experience in software development as a team member or coordinator. Currently I am programming in Java (both for assignments and the ASIDE project) and C#, and sometimes C. I am also studying the use of unit testing for security purposes. I have experience of working with log management systems, developing a SIEM system to collect, normalize and correlate logs from different sources such as IDSs or network firewalls, and during this project I got familiar with syslog-ng and its capabilities.

Hopefully this project can improve my skills in software design, implementation and testing by contributing to a real-world, industry-used open source project.
