gg00 / sec Goto Github PK

SEC (Simple Event Correlator) 2.8.1

Introduction:
-------------
SEC is an event correlation tool for advanced event processing which can be 
harnessed for event log monitoring, for network and security management, for 
fraud detection, and for any other task which involves event correlation.
Event correlation is a procedure where a stream of events is processed, 
in order to detect (and act on) certain event groups that occur within 
predefined time windows. Unlike many other event correlation products which 
are heavyweight solutions, SEC is a lightweight and platform-independent 
event correlator which runs as a single process. The user can start it as a
daemon, employ it in shell pipelines, execute it interactively in a terminal, 
run many SEC processes simultaneously for different tasks, and use it in a 
wide variety of other ways.

Availability:
-------------
This program is distributed under the terms of GNU General Public License, 
and can be downloaded from http://simple-evcorr.github.io

Release Notes:
--------------
SEC has been tested primarily on Linux and Solaris, but since it is written 
in Perl and does not use any platform dependent subroutines, it should also
work on other OS platforms.
Because SEC is not tested against ancient Perl releases, it is recommended 
to run SEC with at least Perl 5.8 (see http://www.perl.org for the latest 
stable release). 
SEC uses Perl Getopt, POSIX, Fcntl, Socket, IO::Handle, and Sys::Syslog 
modules which are included in the standard Perl installation (the presence
of Sys::Syslog is optional). Since the 2.8 version, SEC also employs Perl
JSON module for producing dumpfiles in JSON format, but the presence of this 
module is optional.

Files in this package:
----------------------
COPYING - copy of GNU General Public License
ChangeLog - changes starting from version 1.0
README - this file
contrib - SEC user contributions
sec - SEC program
sec.man - SEC man page

Installation instructions:
--------------------------
Copy the SEC program and man page to appropriate directories, for example:
cp sec /usr/local/bin
cp sec.man /usr/local/share/man/man1/sec.1

Author: 
-------
Risto Vaarandi (ristov at users d0t s0urcef0rge d0t net)

Acknowledgments:
----------------
The author is grateful to SEB Estonia for supporting this work.
The author also thanks the following people for supplying software patches,
documentation fixes, and suggesting new features:
Al Sorrell, Brian Mielke, David Lang, James Brown, Jon Frazier, Mark D. Nagel, 
Peter Eckel, Rick Casey, and William Gertz.
Last but not least, the author expresses his profound gratitute to
John P. Rouillard for many great ideas and creative discussions that have
helped to develop SEC.