Sourcefire Launches New Open Source Logging Tool

Open source innovator and Snort creator, Sourcefire, Inc., a leader in network intrusion prevention, today announced the availability of Daemonlogger, an open source network traffic logging and "soft tap" tool.

"Daemonlogger is the latest example of Sourcefire's commitment to the open source community," said Martin Roesch, the original author of Snort and CTO of Sourcefire. "With the open source release of Daemonlogger we're able to provide a handy and easy-to-use tool for two simple tasks in the classic mold of UNIX tools that do a few things and do them well."

In response to regulatory requirements for improving security, many organizations are implementing procedures to log and store all network traffic for periods of up to seven years. Proprietary log management and security management tools provide logging and storage as one of many features. Often the cost and complexity of implementing these solutions forces organizations to delay or cancel critical IT projects. Daemonlogger provides an alternative to proprietary products that can be implemented quickly with minimal cost and resource commitments.

Daemonlogger was developed and released by Sourcefire to simplify the implementation of a traffic logging solution. Like its big brother Snort, the popular open source intrusion prevention system, Daemonlogger is at its core a packet sniffer that is capable of passively capturing network traffic logs and writing it to disk in PCAP format. Users have the option to retransmit packets on another network interface via Daemonlogger's "soft tap" feature.

Users may configure which packets are logged using BPF filters to ensure that only the traffic that must be logged is collected. Further, users may configure how frequently the log file is rolled based on either the size of the log file or the age of the file. The program can also run in a "ringbuffer" mode where it will rotate through a set number of log files. For example, if a user decided to log the last 24 hour's worth of activity they could specify that the log files roll every hour and that a ringbuffer of 24 files will be maintained.

Daemonlogger is licensed under the GNU General Public License (GPL) version 2. The source code is freely available at Under the GPL open source license, anyone may access, modify and redistribute the source code for Daemonlogger making it easy for users to modify the code to meet their specific needs or share enhancements and new features with the global community of network security professionals.