[3] Therefore, software like Octopussy plays an important role in maintaining an information security management system within ISO/IEC 27001-compliant environments.
Octopussy has the ability to monitor any device that supports the syslog protocol, such as servers, routers, switches, firewalls and load balancers, and their important applications and services.
Although Octopussy was originally designed to run on Linux, it could be ported to other Unix variants like FreeBSD with minimal effort.
Although Octopussy is free and open-source software, it has a variety of characteristics also found in some professional enterprise applications like Splunk, SAWMILL or Kiwi Syslog.
At the time of writing, Octopussy comes with the following set of features:
Some of the (meta-)services supported by/known by Octopussy are: Apache 2, BIND, BSD Kernel, BSD PAM, BSD System, Cisco Routers (ASR), Cisco Switches, ClamAV, DenyAll Reverse Proxy, DRBD, F5 BigIP, Fortinet FW, HP-Tools, Ironport MailServer, Juniper Netscreen FW, Juniper Netscreen NSM, LDAP, Linux AppArmor, Linux Auditd, Linux IPTables, Linux Kernel, Linux PAM, Linux System, Monit, MySQL, Nagios, Neoteris/Juniper FW, NetApp NetCache, Postfix, PostgreSQL, Samba, Samhain, SNMPd, Squid, SSHd, Syslog-ng, TACACS, VMware ESX(i), Windows Snare Agent, Windows System, Xen ...[7]
Events receivable from services and thus processible by Octopussy include:
The software requires RSYSLOG installed on the syslog server and expects monitored systems to run one of the numerous available syslog services, such as syslogd/klogd, RSYSLOG or syslog-ng.
This means that the engine records and thus knows its internal state, but only uses it to some extent to link together logically related elements for the same device, in order to draw a conclusion (i.e. to generate an alert).
In that regard, the device setting "asynchronous" is helpful for processing such log messages after they have been sent to an Octopussy server using, e.g., FTP, rsync or SSH/SCP.
Hence, the interface (Octo-Web) mainly provides access to other Octopussy core components like Octo-Commander, Octo-Message-Finder, Octo-Reporter and Octo-Statistic-Reporter.
Since the generation of such graphs is very resource intensive, administrators may opt to disable it on an Octopussy syslog server with a less powerful CPU and a low amount of RAM.
After a restart of the Octopussy software or during operation, Octo-Dispatcher and Octo-Parser will always process syslog messages in their buffer and queue first, and RRD graph generation is delayed.
[17] Octo-RRD further depends on Octo-Scheduler to execute the Octopussy::Report function in order to generate syslog activity RRD graphs that have been scheduled previously.