We would like to inquire regarding the development of a custom web console to overview statistical trends for our Software Firewall and Snort IDS.
The firewall is a custom design with its own path layout (APF); it uses policy-based rules that are distributed across various files (i.e. [url removed, login to view] [url removed, login to view] [url removed, login to view] etc.). All firewall logging goes to the standard syslog kernel log in standard iptables format (with custom chain names).
Snort IDS is a network intrusion detection system that sniffs packets and matches them against a set of signatures in order to identify a specific type of traffic. Signature matches are then logged as events to a syslog-style log.
We are looking for a web console that will correlate Snort and firewall logs into one unified console. The logs and events must be associated with each other (i.e. matching source IPs etc.). Likewise the system MUST NOT require us to modify our firewall/IDS setup, meaning we will not set them to log to a database; hence a parser of some fashion will be required (the parser may use/store to MySQL or any other facility, likewise for any other project component).
The parser must extract at the very least the following from iptables logs:
date, interface, flow, src ip, dst ip, src port, dst port, ip options, chain
With regard to Snort events, there is an alerts file that must be parsed for event title, severity, group, src ip, dst ip, src port, dst port and so on.
These events must then be presented visually by the web console, with sort options on the various columns for an easy high-level overview. Graphing would be preferred for some of the basic trend statistics, such as number of events per IP over a moving period etc. I do not expect every shred of info to correlate between Snort and iptables, but rather just the common bits (IP info, port info etc.).
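The parsing and correlation step described above, as an added example that is not part of this request or of any existing APF/Snort tooling. It parses iptables kernel log lines (chain prefix, IN/OUT interfaces, SRC/DST, SPT/DPT, IP-header fields and flags) and Snort fast-alert lines (signature title, classification group, priority, endpoints), then joins them on the shared fields: a firewall entry matches an alert when it has the same source IP and falls within a time window of the alert. The sample log lines, hostnames, chain names, signature IDs and addresses are all constructed for the example; the year is an assumption, since neither log format records it.

```python
"""Parse iptables syslog lines and Snort fast-alert lines into one event shape,
then correlate them on the fields they share (source IP, time). The log lines
below are constructed samples; chain names, hosts and addresses are invented."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumption: syslog and Snort fast alerts omit the year, so one is supplied here.
ASSUMED_YEAR = 2024
EPOCH = datetime(1970, 1, 1)

# Constructed sample input: two inbound drops from one host, one outbound DNS query.
IPTABLES_LOG = """\
Mar 12 10:15:03 fw kernel: APF_INPUT_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 12 10:15:04 fw kernel: APF_INPUT_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12346 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 12 10:16:00 fw kernel: APF_OUTPUT_ACCEPT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=53012 DPT=53 LEN=32
"""
# Constructed sample Snort fast alerts (local signature IDs, invented messages).
SNORT_ALERTS = """\
03/12-10:15:05.123456  [**] [1:1000001:1] LOCAL SSH probe from external host [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:44321 -> 192.0.2.10:22
03/12-10:20:00.000000  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.99 -> 192.0.2.10
"""

IPT_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<chain>.*?)\s*(?P<rest>IN=.*)$")
SNORT_RE = re.compile(
    r"^(?P<date>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<title>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<group>[^\]]*)\] )?\[Priority: (?P<severity>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)$")


def _endpoint(ep):
    """Split 'ip:port' into (ip, port); ICMP endpoints carry no port. IPv4 only."""
    if ":" in ep:
        host, port = ep.rsplit(":", 1)
        return host, int(port)
    return ep, None


def parse_iptables(text):
    """One dict per kernel log line: date, interface, flow, IPs, ports,
    IP options (LEN/TOS/TTL/... plus flags) and the logging chain prefix."""
    events = []
    for line in text.splitlines():
        m = IPT_RE.match(line)
        if not m:
            continue  # unrelated kernel message
        fields, flags = {}, []
        for tok in m["rest"].split():
            if "=" in tok:
                k, v = tok.split("=", 1)
                fields.setdefault(k, v)  # UDP lines repeat LEN; keep the IP-layer one
            else:
                flags.append(tok)  # bare tokens are flags such as DF or SYN
        ingress, egress = fields.get("IN", ""), fields.get("OUT", "")
        flow = "forward" if ingress and egress else "inbound" if ingress else "outbound"
        events.append({
            "source": "iptables",
            "date": datetime.strptime(f"{ASSUMED_YEAR} {m['date']}", "%Y %b %d %H:%M:%S"),
            "interface": ingress or egress, "flow": flow,
            "chain": m["chain"].rstrip(": ") or "(no prefix)",
            "proto": fields.get("PROTO"),
            "src_ip": fields.get("SRC"), "dst_ip": fields.get("DST"),
            "src_port": int(fields["SPT"]) if "SPT" in fields else None,
            "dst_port": int(fields["DPT"]) if "DPT" in fields else None,
            "ip_options": dict({k: fields[k] for k in ("LEN", "TOS", "PREC", "TTL", "ID")
                                if k in fields}, flags=flags),
        })
    return events


def parse_snort(text):
    """One dict per fast-alert line: title, severity, group, IPs, ports."""
    events = []
    for line in text.splitlines():
        m = SNORT_RE.match(line)
        if not m:
            continue
        src_ip, src_port = _endpoint(m["src"])
        dst_ip, dst_port = _endpoint(m["dst"])
        events.append({
            "source": "snort",
            "date": datetime.strptime(f"{ASSUMED_YEAR} {m['date']}", "%Y %m/%d-%H:%M:%S"),
            "sid": f"{m['gid']}:{m['sid']}:{m['rev']}",
            "title": m["title"], "severity": int(m["severity"]),
            "group": m["group"] or "unclassified", "proto": m["proto"],
            "src_ip": src_ip, "dst_ip": dst_ip, "src_port": src_port, "dst_port": dst_port,
        })
    return events


def correlate(fw_events, ids_events, window=timedelta(minutes=5)):
    """Attach to each Snort alert the firewall entries with the same source IP
    logged within `window` of the alert; only the shared fields are matched."""
    by_src = defaultdict(list)
    for e in fw_events:
        by_src[e["src_ip"]].append(e)
    return [{"alert": a,
             "firewall": [e for e in by_src.get(a["src_ip"], [])
                          if abs(e["date"] - a["date"]) <= window]}
            for a in ids_events]


def events_per_ip(events, period=timedelta(minutes=1)):
    """Count events per (time bucket, source IP): the series an
    'events per IP over a period' graph would plot."""
    return Counter(((e["date"] - EPOCH) // period, e["src_ip"]) for e in events)


if __name__ == "__main__":
    fw, ids = parse_iptables(IPTABLES_LOG), parse_snort(SNORT_ALERTS)
    for row in correlate(fw, ids):
        a = row["alert"]
        print(f"{a['date']} {a['title']} (prio {a['severity']}) {a['src_ip']} -> "
              f"{a['dst_ip']}: {len(row['firewall'])} firewall entries match")
    for (bucket, ip), n in events_per_ip(fw + ids).most_common(3):
        print(f"{EPOCH + bucket * timedelta(minutes=1):%H:%M} {ip}: {n} events")
```

Both parsers emit the same keys for the shared columns (`date`, `src_ip`, `dst_ip`, `src_port`, `dst_port`, `proto`), so a console can sort or graph a merged list by any of them without caring which log an event came from; source-specific columns (`chain`, `ip_options`, `title`, `severity`, `group`) stay on the events that have them. The time window in `correlate` is what keeps a busy scanner's week-old firewall drops from being attached to every later alert from the same address.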
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).