- Is a behavior/anomaly/signature-based syslog intrusion detection system
- Detects new unknown attacks via anomalies in syslog
- Fits comfortably in heterogeneous Unix/Linux/BSD environments at the core of a central syslog server
- Generates its own signatures
- Can email anomalies with included generated signatures in to administrators to ignore future similar events
Please see http://devialog.org/ for further information and documentation