|
A Rule Engine for State and Event Monitoring | ||||
  | |||||
Home |
About nodebrain.org This is the official web site of the NodeBrain Open Source Project. It is maintained by NodeBrain developers and hosted on SourceForge. Use this site for the latest NodeBrain information and downloads. Direct suggestions or questions about this site to www@nodebrain.org About the NodeBrain Open Source Project The goal of this project is to develop a small, flexible, reliable, and free rule engine for element state and event monitoring, to be used as a component in monitoring applications developed by others. The History of NodeBrain NodeBrain was originally developed in 1998 for Unix and Linux system monitoring. It started as an informal development project targeted first at lab and test systems, environments where a need for monitoring existed but where it was difficult to justify the expense of commercial monitoring products. In this application, the NodeBrain rule engine was the decision making component of a kit that included Perl scripts to obtain the state of monitored elements and respond to identified conditions. In 2000, NodeBrain was used in a second experimental application, this time for enterprise wide security event correlation to augment the functionality of commercial intrusion detection products. This application stretched the capabilities of NodeBrain, requiring several enhancements to handle the higher volume and poor quality of events found in intrusion detection at that time. The NodeBrain program, nb, was released as a "working prototype" (version 0.5) in February 2003 under the GNU General Public License. In March 2004, a second prototype (version 0.6) was released with a C API that enabled programmers to extend NodeBrain functionality by writing plug-ins we now call "node modules" without modification to nb. This was done in response to a request, but also because it is a convenient feature for extensions that address requirements that are not appropriate for release to the open source project. The API was refined a bit through June of 2005 with the 0.6.1 and 0.6.2 releases. In January 2006, version 0.6.4 was released with a "servant" feature providing a simple interface for scripting languages and other programming languages via stdin, stdout, and stderr. This made it easy to extend NodeBrain functionality without having to write a node module using the C API. In February 2009, version 0.7.4 was released with node modules replacing previously built-in listener and peer communication functionality. This simplified the language by eliminating about a dozen commands, but broke compatibility with prior versions. In February 2013, version 0.8.13 was released with a couple new modules and several security patches. A Message module provided a significant enhancement over the Peer module for event and command flow between agents. A Baseline module provided statistical anomaly detection. At this same time, the previously promised NodeBrain Caboodle Kit and NodeBrain System Kit were released, providing a simple framework for the construction of NodeBrain applications. In August 2014, versions 0.8.17 and 0.9.02 were released under an MIT license. Version 0.9 had performance enhancements, but also some syntax incompatibilities with version 0.8. Version 0.8.17 was released simply to offer the new license with 0.8 rule set compatibility. Copyright © 2015 NodeBrain.org |