SRLM

Features	SRLM	NFR NID	SWATCH	LogWatch	Snort	SHADOW	SAFEsuite SLM	Echelog

Client Utilities:
Identify Logs	X	X	X	X	X		X	X
Collect Logs	X	X	X			X	X	X
Public Key	X					X	X	X
Private Key	X						X	X
Forward	X	X	X			X	X	X
Daemon	X	X	X		X	X		X
Additional Hardware*		X				X
Additional Software*		X				X	X


Server Utilities:
Collect Logs	X	X				X	X	X
Authenticate	X					X	X	X
Decrypt	X					X	X	X
Analyze	X	X	X	X	X	X	X
Archive	X	X	X			X	X	X
Additional Hardware*
Additional Software*


Analysis:*
Full Log	X	X	X	X		X	X	X
Header scan					X


Alerts:
Audio Alert		X	X		X		X
Visual Message	X	X	X	X	X	X	X
Generated Report		X		X		X	X


Framework:*
Dedicated Server	X	X	X			X	X	X
Remote Access	X	X					X
Dynamic	X			X	X	X	X
User-defined filters	X	X	X	X	X	X	X	X


Compatibility:
Win32		X			X		X
Linux	X		X	X	X	X		X


Commercial		X					X
Open Source	X		X	X	X	X		X


Notes:
Additional Hardware is the necessity for some hardware, other than the original Client/Server system, to perform
	Client-side/Server-side actions.
Additional Software (Client) is the necessity for some software, other than the Daemons running in the background,
	to perform Client-side actions.
Additional Software (Server) is the necessity for some software, other than the main program, to execute any part of the
	Server-side actions in cryptology, analysis, or archiving.
If analysis includes both Full Log reading and Header scanning, only Full Log is marked (the header is part of the log).
Framework includes both the visual application for the administrator AND the related network architecture.

Comparing SRLM