Component Explanations

Client:

Default IP: Varied

Default Port: N/A

Rec. Message IDs: N/A

Sent Message IDs: N/A

Brief Description: A client is an instrumented system on the network. A cron job runs at a regular interval; the logs selected for monitoring by a user of the GUI are packaged in the XML messaging system, encrypted with a combination of the AES and RSA algorithms using randomly generated keys, and sent over a TCP connection to the collector. The client uses a log rotate configuration file (.lrc) generated by the GUI to determine which log files it is to monitor. Each time it connects to the collector, the client queries the server to determine whether an updated log configuration file exists.

Collector:

Default IP: 127.0.0.1 (Can only be initially altered)

Default Port: 5000 (Cannot be altered)

Rec. Message IDs: N/A

Sent Message IDs: N/A

Brief Description: The collector is the first component of the SRLM application server. This module is responsible for communication with each client of the system. It uses a threaded TCP connection so that each client can be serviced as efficiently as possible. The collector first checks whether the connected system's log rotate configuration file needs updating, then accepts the sent log files. It checks the digital signature to verify the authenticity of the sender, and only then decrypts the sent data. A copy of the encrypted string is sent to the archiver for storage and additional query processing, while the decrypted string is sent to the analyzer for analysis.

Archiver:

Default IP: 127.0.0.1 (Can be altered)

Default Port: 8083 (Can be altered)

Rec. Message IDs: 3, 4, 12

Sent Message IDs: 5, 6, 7, 13

Brief Description: The Archiver is responsible for storing and locating filenames and data as requested by the GUI. Initially, the Archiver stores the encrypted data strings in a directory structure under '/srlm/archive'. The files are organized in directories identified by the clients' IP addresses. Each filename is created by concatenating the sender's IP address and a timestamp generated when the collector first receives the package, which allows the Archiver to identify files uniquely. In addition to storing the encrypted strings, the Archiver manages a file index which records the log names from each encrypted package together with their associated timestamps. This allows faster access to that information and avoids repeated decryption. Depending on which information is required and which message is received, the Archiver queries the file system differently and returns different types of information. The Archiver may eventually be extended to a simple database to allow more efficient access and more secure storage.

Controller:

Default IP: 127.0.0.1 (Can be altered)

Default Port: 8082 (Can be altered)

Rec. Message IDs: 0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 16, 17, 19, 20, 22, 23, 25, 27

Sent Message IDs: 0, 3, 4, 5, 6, 7, 9, 12, 13, 15, 18, 21, 24, 26, 28

Brief Description: The controller is responsible for the majority of message passing and logic in the SRLM system. It is the sole communication path between the instrumented systems and the other server components on one side and the Java GUI on the other. The GUI is considered naive and maintains only temporary data. Depending upon the information to be displayed, the GUI sends messages to the Controller, which either obtains or modifies the appropriate data itself or queries the other server components to achieve the desired functionality. Data is eventually sent back to the requesting GUI, where it can be displayed to the user. The system is capable of maintaining several GUIs, each of which can query and alter information.

Analyzer:

Default IP: 127.0.0.1 (Can be altered)

Default Port: 8081 (Can be altered)

Rec. Message IDs: None

Sent Message IDs: 0

Brief Description: The analyzer is responsible for searching each monitored log file on each system for a single keyword, a regular expression, or a series of keywords within a period of time. These alerts are called triggers and are declared in the GUI. Triggers can be declared as Global, IP specific, or File specific. A Global trigger is searched for in every file from every instrumented system. A trigger declared as IP specific is only searched for on the client with that IP. Finally, a File specific trigger is only searched for on systems which monitor that log file. If a trigger is encountered, the GUI is alerted and prompts the user to go directly to the file which contained the keyword or regular expression. If the GUI is not running when the trigger is encountered, other actions are taken, such as sending an e-mail to the system administrator.
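An added illustration of the trigger matching described above (keyword or regular-expression triggers, keyword series within a time window, and Global/IP/File scoping); this is not the SRLM analyzer's code. The trigger and log-line field names, the rule that a series must be satisfied within one file on one client, and the sample input are all constructed for this example.

```javascript
// Trigger scopes as the page describes them: global, IP specific or file specific.
function applies(t, line) {
  if (t.scope === "ip") return t.ip === line.ip;
  if (t.scope === "file") return t.file === line.file;
  return true; // global
}
// Keyword or regular-expression trigger: the first in-scope line that matches.
function patternFires(t, lines) {
  return lines.find((l) => applies(t, l) && t.pattern.test(l.text)) || null;
}
// Series trigger: every keyword must appear in the same file on the same client
// within windowSec of a line holding the first keyword (lines sorted by time).
function seriesFires(t, lines) {
  for (let i = 0; i < lines.length; i++) {
    const start = lines[i];
    if (!applies(t, start) || !start.text.includes(t.series[0])) continue;
    const seen = new Set();
    for (const l of lines.slice(i)) {
      if (l.at - start.at > t.windowSec * 1000) break;
      if (l.ip !== start.ip || l.file !== start.file) continue;
      for (const kw of t.series) if (l.text.includes(kw)) seen.add(kw);
    }
    if (seen.size === t.series.length) return start;
  }
  return null;
}
// One alert per fired trigger, carrying the line that satisfied it, so the GUI
// (or an e-mail when the GUI is not running) can point at the exact file.
function scan(triggers, lines) {
  const alerts = [];
  for (const t of triggers) {
    const hit = t.pattern ? patternFires(t, lines) : seriesFires(t, lines);
    if (hit) alerts.push({ trigger: t.name, ip: hit.ip, file: hit.file, at: hit.at });
  }
  return alerts;
}
// Constructed sample input (not real data): two clients, two monitored files.
const ts = (s) => Date.parse(`2004-03-01T${s}Z`);
const SAMPLE_LINES = [
  { ip: "10.0.0.5", file: "/var/log/auth.log", at: ts("10:00:00"), text: "sshd: Failed password for root" },
  { ip: "10.0.0.5", file: "/var/log/auth.log", at: ts("10:00:20"), text: "sshd: Failed password for root" },
  { ip: "10.0.0.5", file: "/var/log/auth.log", at: ts("10:00:40"), text: "sshd: Accepted password for root" },
  { ip: "10.0.0.9", file: "/var/log/cron", at: ts("10:05:00"), text: "CROND: (root) CMD (run-parts /etc/cron.hourly)" },
];
const SAMPLE_TRIGGERS = [
  { name: "root-login-anywhere", scope: "global", pattern: /Accepted password for root/ },
  { name: "cron-on-9", scope: "ip", ip: "10.0.0.9", pattern: /CROND/ },
  { name: "cron-on-5", scope: "ip", ip: "10.0.0.5", pattern: /CROND/ },
  { name: "brute-then-success", scope: "file", file: "/var/log/auth.log", series: ["Failed password", "Accepted password"], windowSec: 60 },
];
```

Running `scan(SAMPLE_TRIGGERS, SAMPLE_LINES)` fires the global, the 10.0.0.9 IP-specific and the file-specific series triggers but not the 10.0.0.5 cron trigger, since that client has no CROND line in scope.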

Java GUI:

Default IP: 127.0.0.1 (Can be altered)

Default Port: 8080 (Can be altered)

Rec. Message IDs: 0, 5, 6, 7, 9, 13, 15, 18, 21, 24, 26, 28

Sent Message IDs: 1, 2, 3, 4, 8, 10, 11, 12, 14, 16, 17, 19, 20, 22, 23, 25, 27

Brief Description: The GUI component of the server is used primarily for setup and configuration of the server and instrumented systems, as well as for viewing the current status of the clients. The GUI displays the SRLM data by querying the rest of the server components through an extensive XML messaging system. Log Types, Trigger Types, Log Rotate Configuration Files, and system configurations can be created, updated, and/or deleted to give system administrators complete control over the monitored clients. Users can also view individual log files and set any other preferences regarding the system through the GUI. Any number of GUIs can be run to view or modify the system.

SAIC : An Employee-Owned Company
Advanced Technologies and Solutions Group