About

F-Deets is a tool for network administrators that gathers and analyzes log messages. It provides the means to quickly analyze and extract data from multiple system and device logs. With F-Deets you can access and analyze any subset of the collected logs through either default or user-defined filters.

Currently log messages generated by the following systems are supported:

  • Juniper ScreenOS (NetScreen: SSG and ISG families of firewalls)
  • Juniper JunOS (SRX, EX, MX and J-series devices)
  • Cisco ASA
  • PaloAltoNetworks PA family
  • McAfee Enterprise Firewall (formerly Secure Computing Sidewinder G2)
  • your own syslog parsing rules (see the documentation section for the rule creation manual)
  • other firewall platforms will be coming soon!

Figure: general view

Features

Data Acquisition

  • Gathers syslog data from multiple sources.
  • Data is collected directly from the network by syslogd or read from log files.
  • Under Windows, F-Deets uses a built-in syslog server.
  • Under Linux, the standard syslogd, rsyslog or syslog-ng may be easily integrated.
  • Log rotation is supported: a change in the uploaded file is detected, and both tail mode and read restart (after log-file rotation) are supported.

Data analysis

  • Filter and analyze log data.
  • The autonomous GUI client can connect to multiple F-Deets servers.
  • Multiple connections and views with different privileges may be defined.

Data visualization

  • Navigate the event grid and event details
  • Define custom filters based on IPs, time, event types and other parameters
  • Compare events (highlight differences)
  • Tail mode
  • HTML and CSV reports
  • Graphs of filtered and aggregated event counters

GUI

  • Windows application with a simple installer
  • English and Polish language versions

Security

  • All network traffic between the GUI and the server, including authorization information, is encrypted; SSL is always used end-to-end.
  • A standard PKI certificate is used to authorize the GUI to the server.
  • All user passwords are stored in a secured hash file.

Platform and system support

  • Supported firewall platforms: Juniper SSG & ISG (ScreenOS), Juniper SRX, EX, MX, J-series (JunOS), PaloAltoNetworks PA-* and more coming...
  • Parser rulesets for other log event formats may be created by the user.
  • Supported under MS Windows XP and Windows 7 (32/64 bit) and Linux (the GUI is Windows only).
  • Linux support includes: Red Hat Enterprise Linux 5.1 32 bit; CentOS 5.5 32/64 bit; Gentoo 64 bit.
  • Simple setup with a Windows installer and configuration wizard.

Architecture

F-Deets consists of five major components:

  • server,
  • parser,
  • syslog,
  • client GUI,
  • services monitor.

The syslog component listens for new messages, the parser analyzes them and stores them in a database, and the server handles network communication with the client, which is the user's main tool for accessing the log messages. The services monitor is a small application that resides in the system tray and shows the status of the F-Deets services.

Figure: F-Deets architecture scheme

Scalability

F-Deets uses SQLite databases to store parsed log files; the database files are rotated on time and size criteria. The server uses multiple databases, so the only practical limit on log storage is the size of the available filesystem. The server is able to parse 150-200 syslog events per second on an entry-level desktop PC.
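The parser-to-database stage described under Architecture, together with the time/size rotation described here, can be illustrated with a small stand-alone pipeline. The following is an added example, not F-Deets code: it parses BSD-style (RFC 3164) syslog lines, writes the fields into SQLite files, and opens a new file once the current one holds too many rows or has been open too long. The schema, the row limit and the age limit are assumptions chosen for illustration, since the page does not publish F-Deets' own; the sample log lines are constructed, not real device output.

```python
"""Illustrative syslog-to-SQLite pipeline with rotated database files (added example)."""
import os
import re
import sqlite3
import tempfile
import time

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)


def parse_syslog(line):
    """Split a BSD syslog line into fields; return None if it does not match."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))  # PRI = facility * 8 + severity
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
    }


class RotatingEventStore:
    """Writes parsed events into SQLite files; starts a new file on row count or age (assumed criteria)."""

    def __init__(self, directory, max_rows=1000, max_age_seconds=3600, clock=time.time):
        self.directory = directory
        self.max_rows = max_rows
        self.max_age = max_age_seconds
        self.clock = clock
        self.conn = None
        self.rows = 0
        self.opened_at = None
        self.files = []  # every segment written so far, oldest first

    def _rotate(self):
        self.close()
        path = os.path.join(self.directory, "events-%d.db" % len(self.files))
        self.files.append(path)
        self.conn = sqlite3.connect(path)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS events (facility INTEGER, severity INTEGER, "
            "timestamp TEXT, host TEXT, tag TEXT, pid INTEGER, message TEXT)"
        )
        self.rows = 0
        self.opened_at = self.clock()

    def store(self, event):
        # Rotate before writing if the current segment is full or too old
        if (self.conn is None or self.rows >= self.max_rows
                or self.clock() - self.opened_at >= self.max_age):
            self._rotate()
        self.conn.execute(
            "INSERT INTO events VALUES (?, ?, ?, ?, ?, ?, ?)",
            (event["facility"], event["severity"], event["timestamp"],
             event["host"], event["tag"], event["pid"], event["message"]),
        )
        self.rows += 1

    def count_by_severity(self, severity):
        """A query must visit every segment, since the data set spans multiple files."""
        if self.conn is not None:
            self.conn.commit()
        total = 0
        for path in self.files:
            c = sqlite3.connect(path)
            total += c.execute("SELECT COUNT(*) FROM events WHERE severity = ?",
                               (severity,)).fetchone()[0]
            c.close()
        return total

    def close(self):
        if self.conn is not None:
            self.conn.commit()
            self.conn.close()
            self.conn = None


SAMPLE_LINES = [  # constructed sample lines, not output of any real device
    "<134>Jan 12 10:15:01 fw1 kernel: accept src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=443",
    "<131>Jan 12 10:15:02 fw1 kernel: deny src=198.51.100.7 dst=10.0.0.9 proto=tcp dport=22",
    "<134>Jan 12 10:15:03 fw2 sshd[2211]: Accepted publickey for admin from 10.0.0.2",
    "not a syslog line",
]


def run_sample(max_rows=2):
    """Feed the sample lines through parser and store; report what was written."""
    with tempfile.TemporaryDirectory() as d:
        store = RotatingEventStore(d, max_rows=max_rows)
        parsed = 0
        for line in SAMPLE_LINES:
            ev = parse_syslog(line)
            if ev is None:
                continue  # unparseable input is skipped, not stored
            store.store(ev)
            parsed += 1
        result = {"parsed": parsed, "files": len(store.files),
                  "errors": store.count_by_severity(3)}
        store.close()
        return result


if __name__ == "__main__":
    print(run_sample())  # with max_rows=2 the three events land in two files
```

Severity is the low three bits of PRI, so `<131>` decodes to severity 3 (error) and `<134>` to 6 (informational); the cross-file count shows why any filter over a rotated store has to be applied to every segment, not only the newest one.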