Open Source Security Tools for the Security Professional
Home Projects Mailing Lists General Contact Us

Harvester Project

The Harvester system allows security professionals to develop and deploy site message logging and monitoring in a quick, uniform and simple manner. The open source project for Harvester will be jumpstarted based on the existing software developed by, Inc. The current code-base in production has processed in excess of 100 million events in a single month. Initial focus is on delivering a quality, high performance processing core. Maximum benefit can be realized only with the addition of modules such as interfaces, advanced analysis routines, advanced reporting, etc.

Initial development activity will be focused on cleaning the existing code-base, separating core engine functions and packaging code into extensible plug-in modules.


Harvester is currently based on the following open source tools: OpenBSD, Linux, Mysql, Apache, PHP, Zope, Perl, Python, Sabernet, Jpgraph, Snort, Nessus, Whisker.

The core engine provides near real-time data collection from host systems (web, mail, etc.), network infrastructure systems (router, switch, DNS, PDC/BDC, etc.) and security infrastructure systems (firewall, HIDS, NIDS, VPN, etc.).

Robust consolidation is provided through a centralized database repository. The scoring system provides for standardizing event priorities across different system types and can be used for customizing scores for specific environments. A separate plug-in module provides automation of audit trail archiving.

Project Focus

The Harvester Project will initially focus on providing the core technologies required to build a scalable event collection & correlation system. Future enhancements will focus on user interface and integration issues.

Future Direction

Comprehensive analysis will be provided across several modules: Correlation, Vulnerability Management and Event Management modules. The Correlation module will provide advanced event detection. The Vulnerability Management module will combine system testing with vulnerability alerts. The Event Management module provides ticket creation, escalation, tracking and reporting capabilities.

Copyright © 2005, Inc. - All Rights Reserved.
Last modified: January 01, 1970 00:00:00 UTC