Last update: 2005-04-18

LogReport Foundation; Annual Report 2000

tools for computer/network log file analysis

1 Introduction

This annual report consists of the following sections:

Introduction
Activities in 2000
Official Information
Financial Statements

1.1 The goal of LogReport

LogReport aims to transform the data in log files of network/computer systems into useful information. Log files are usually treated like the waste of Information Technology activity. Files are sitting somewhere in a dark corner of a computer system and get only touched occasionally in case of reactive problem solving. This is unfortunate because log files contain the traces of computer activity, and by systematic analysis of this activity one can learn a lot of the behavior of the systems and the users. Stichting LogReport Foundation develops and maintains Open Source reporting software and documentation.

1.2 LogReport basic idea

Log files are distilled into an intermediate format (also known as DLF = Distilled Log Format) from which the reports can be generated. The intermediate step introduces a log file dependent and a report dependent part. The log file dependent part translates to the DLF format and the report dependent part composes the report from the DLF files. The intermediate format can be used as the store of a data warehouse which allows you to generate many reports from many log files from many sources.

2 Activities in 2000

2.1 From idea to foundation organization

On April 6, 2000 a few people gathered around a glass of beer and an Indonesian meal. That night LogReport was born, although it did not have that name yet. We had the two ingredients that can make things happen: enthusiastic people and a good idea. The people in the meeting were a.o. Joost van Baal, Edwin Groothuis, Peter Huisken and Anton Holleman. We decided to organize a 'Birds of a Feather (BoF)' session at the SANE 2000 conference in Maastricht, the Netherlands. The conference was scheduled for May 23 until May 25, so there were 6 weeks left for preparation. Those six weeks were used very effectively using a lot of spare time. We decided upon a name, put up a web site with a report responder, prepared a presentation and started to find funding for our activities to ensure continuity after the conference. Teus Hagen and Wytze van der Raay of Stichting NLnet were contacted and became interested. The first meeting with NLnet took place on April 21 and NLnet received the first LogReport startup plan on May 5.

2.2 SANE 2000

May 25 was the first public appearance of LogReport during a 45 minutes BoF timeslot from 9:30 until 10:15. About 30 people gathered and Peter Huisken did a great presentation job. A simple example of hungry and thirsty people, pizza's and beers served nicely to explain the power of the Distilled Log Format. After 45 minutes we were still answering questions. Luckily the time slot after our presentation was not used. We left the meeting room at 11 o' clock with a great feeling of excitement because the response and attention was way beyond our expectations.

2.3 Choosing the license

After the conference we had to decide upon a license for the software. We evaluated numerous licenses and spent many long evenings on the topic. Teus Hagen had regularly stated that the GPL is the best license to ensure that LogReport remains Open Source. But an attractive alternative was provided by the BSD license. We could never reach consensus because both licenses had pros and cons. One evening we chose for the BSD license. A few meetings later, the topic was discussed again endlessly. Anton then decided to go for the GPL because this is the mostly used license that does not scare off developers. (At that time mySQL migrated to GPL just to attract developers). Edwin Groothuis was unhappy with this decision because he felt GPL was chosen to please NLnet and he soon left the project.

2.4 Building an organization

We then came into a phase that we had to structure the initiative. The experience of Teus and Wytze guided us through the web of possibilities: profit organization, non-profit organizations with all their different flavours were evaluated. We finally decided to go for a foundation ("stichting"). The articles of association had to clearly state that the software had to be Open Source at all times. We agreed to a majority of NLnet in the board for the first two years. In return NLnet guaranteed funding for two years. After those two years LogReport needs to be able to collect sufficient money and/or support from other sources. The articles of association were finalized on August 21. The official name of the foundation is Stichting LogReport Foundation, because Dutch law states that the word Stichting (= foundation) must be used.

2.5 Intellectual property hassle

The LogReport initiative had drawn the attention from Jan Stap and Gerrit Nijhuis. Together with Joost, Peter and Anton they had the intention to work one day a week for the LogReport Foundation and four days a week for their employer Origin. Unfortunately this plan could never be realized due to intellectual property issues. The Origin intellectual property monopoly made it impossible to proceed as we had planned. Effectively the foundation existed and had a few enthusiastic volunteers related to it.

2.6 Linux2000

LogReport continued to rumble on in the evening hours and in the weekends. Gerrit decided to quit. Nevertheless we (Joost, Jan, Peter and Anton) managed to reserve a time slot at the Linux2000 conference in Ede, the Netherlands (October 10). Peter did again a great presentation job for an audience of about 70 people. There were less questions than at SANE2000 but the response was not bad. We also managed to speak with Eric S. Raymond who advised us to use the Python programming language and to focus on intrusion detection.

2.7 November

Joost had decided to leave Origin and to start with LogReport for three days a week. His decision brought new energy into the initiative. We ordered a machine and rented space in a machine room. Early November the machine hibou.logreport.org went live. That machine hosts the report responders and the web site. The code is hosted on SourceForge. The energy of Joost resulted in the release of a series of experimental packages.

2.8 What we have achieved

We presented the LogReport ideas on two conferences
We established a solid organizational framework allowing for at least two years of existence thanks to NLnet funding and support
We released several experimental packages, including converters for:
- apache logs (common and combined)
- sendmail logs
- postfix logs
- qmail logs
- bind8 query logs
We launched a web site with content, and these automatic report responders:
- log(a)apachecommon.logreport.org
- log(a)bind8.logreport.org
- log(a)postfix.logreport.org
- log(a)qmail.logreport.org
- log(a)sendmail.logreport.org

2.9 What we did not achieve

Recruit more people as employee or open source developer
Funding from other sources than NLnet

2.10 Dates and events to remember

April 4	First meeting
April 21	First meeting with Teus and Wytze from NLnet foundation
April 27	logreport.org, logreport.net and logreport.com registered
	LogReport accepted as project on SourceForge
May 2	www.logreport.org live
May 8	First plan send to NLnet foundation
May 18	Meat and eat session
May 25	Birds of a feather (BoF) session
August 21	Articles of association final
August 31	LogReport foundation is known to the Chamber of Commerce
October 7	First experimental release: logreport-0.0.1.tar.gz
October 10	Linux 2000 conference
November 1	Joost van Baal starts working for LogReport
November 8	Hibou live
November 30	Second code release: lr-20001130.tar.gz

2.11 Contact information

web	http://www.logreport.org/

email	logreport(a)logreport.org

sourceforge	http://sourceforge.net/projects/logreport/

snailmail	Stichting LogReport Foundation
	p/a J.E. van Baal
	Strijpsestraat 48-A
	5616 GR Eindhoven
	The Netherlands

3 Official Information

Stichting LogReport Foundation has been established on August 21, 2000 in Eindhoven, The Netherlands. The goal of the foundation is:

to develop, maintain and distribute tools and knowledge for processing log files of network/computer system applications and for generating reports based on such log files;
to stimulate the use of the tools and knowledge mentioned above for the management of information systems;
to stimulate authors of network/computer system applications to incorporate provisions in these applications for generating useful standardized and automatically processable information in log files;
to contribute to the development and implementation of product-independent log file formats (standards);
to create a forum for system administrators and software developers in the area of the application and analysis of log file information; and
anything which is directly or partly related to the above, or can be beneficial to the above, in the widest sense.

3.1 Board

The board of Stichting NLnet Foundation consists of three members:

Teus Hagen	chairman
Jakob Schripsema	secretary
Wytze van der Raay	treasurer

The composition of the board has not been changed since its start on August 21, 2000. One formal board meeting was held in 2000, on December 14, in addition to a number of informal meetings earlier in the year.

3.2 Employees

The foundation is employing one staff member, Joost van Baal, as of November 1, 2000. In addition, volunteers are performing work for the foundation.

The original intention to appoint a director to supervise all LogReport operations could not be realized. However, Anton Holleman has been filling in this position on a voluntary basis.

3.3 Administration

Day-to-day administration, handling of payments and other similar activities have been handled by Anton Holleman. The bookkeeping function has been taken care of by Wytze van der Raay, treasurer of the foundation. The salary administration and related work (interfacing to GAK, ARBO service etc) has been contracted out to De Wert Accountants in Eindhoven. Legal and fiscal advice has been obtained from Derks Star Busmann Hanotiau in Utrecht.

3.4 Fiscal year

The fiscal year of Stichting LogReport Foundation coincides with the calender year. Because the foundation was established on August 21, 2000, the first fiscal year starts on August 21, 2000 and ends on December 31, 2000.

3.5 Fiscal position

Based on its current activities, the foundation is not taxable for Dutch corporate tax ("vennootschapsbelasting") or value-added tax ("BTW").

On November 28, 2000, Stichting LogReport Foundation has been recognized by the Dutch fiscal authorities as an organization working for the general benefit ("algemeen nut beogende instelling") as meant in article 24, paragraph 4 of the Dutch Inheritance Act 1956.

4 Financial Statements

4.1 Balance Sheet per December, 31 2000 (after result allocation)

	EUR	EUR
Fixed assets

Material fixed assets
Computer equipment		2,717.55

Current assets

Accounts receivable
Costs paid in advance		458.55

Cash		2,261.89
		-----------------
		5,437.99
		-----------------


Own capital		2,446.25

Short-term liabilities
Accounts payable	303.32
Taxes and social charges	2,094.75
Other liabilities	593.67
	-----------------
		2,991.74
		-----------------
		5.437.99
		-----------------

4.2 Profit and Loss Account 2000

	EUR	EUR
Other income
Donations received		16,500.00

Other expense
Payroll expenses	5,425.05
Depreciation of material fixed assets	220.34
Other operational expenses	8,413.81

		14,059.20

		-----------------

		2,440.80

Interest earned	5.45
Interest paid	0.00
	-----------------
		5.45

		-----------------

Gross result from regular operations before tax		2,446.25
Tax		0.00

		-----------------

Net result		2,446.25
		-----------------

4.3 General explanations

4.3.1 Basis for valuation and result determination

4.3.1 Result determination

Assets and liabilities

Unless stated otherwise, assets and liabilities have been stated at their nominal values.

Material fixed assets

Material fixed assets have been stated at historical cost price, reduced with depreciation calculated linearly based on the estimated total useful life of the corresponding fixed asset.

General

The following holds with respect to items included in the operational result: profits are only included if and for the part they have been realized in the reporting period, and losses and risks have been taken into account inasmuch they originate before the end of the reporting period.

4.4 Amplification of the Balance Sheet 2000

4.4.1 Material fixed assets

The material fixed assets can be specified as follows:

	Inventory	Computer-	Total
		equipment
	-----------------	-----------------	-----------------
	EUR	EUR	EUR
January 1, 2000

Procurement costs	0.00	0.00	0.00
Cumulative depreciation	0.00	0.00	0.00
	-----------------	-----------------	-----------------
Book value	0.00	0.00	0.00
	-----------------	-----------------	-----------------

Changes

Desinvestments	0.00	0.00	0.00
Investments	0.00	2,937.89	2,937.89
Depreciation	0.00	(220.34)	(220.34)
Depreciation desinvestments	0.00	0.00	0.00
	-----------------	-----------------	-----------------
		2,717.55	2,717.55
	-----------------	-----------------	-----------------

December 31, 2000

Procurement costs	0.00	2,937.89	2,937.89
Cumulative depreciation	0.00	(220.34)	(220.34)
	-----------------	-----------------	-----------------
Book value	0.00	2,717.55	2,717.55
	-----------------	-----------------	-----------------

Depreciation percentage	20%	50%
	-----------------	-----------------

4.4.2 Accounts receivable

Accounts receivable consists solely of an amount of expenses paid in advance for the months January and February 2001 with respect to a hosting contract with VIA NET.WORKS.

4.4.3 Cash

Cash consists solely of a positive balance on a business giro account at Postbank N.V.

4.4.4 Own capital

Reserve fund

The course is as follows:

	2000
	-----------------
	EUR
Value per January 1	0.00
Plus: net result	2,446.25
	-----------------
Value per December 31	2,446.25
	-----------------

4.4.5 Short-term liabilities

Taxes and social charges

	2000
	-----------------
	EUR
Salary tax	1,233.56
Social charges bedrijfsvereniging	861.19
	-----------------
	2,094.75
	-----------------

Other liabilities

	2000
	-----------------
	EUR
Salary administration expenses	181.29
Holiday allowances	412.36
Savings salary	0.02
	-----------------
	593.67
	-----------------

4.4.6 Liabilities not shown in the balance sheet

The foundation has engaged in a year contract for internet hosting services with VIA NET.WORKS; the costs of this contract are EUR 2,786.39 per year.

4.5 Amplification of the Profit and Loss Account 2000

4.5.1 Income

Income over 2000 consists solely of a donation from Stichting NLnet of EUR 16,500.00.

4.5.2 Payroll expenses

	2000
	-----------------
	EUR
Staff salaries	4,698.46
Social charges	726.59
	-----------------
	5,425.05
	-----------------
Staff salaries
Salaries	4,260.00
Salary tax on savings salary	13.12
Holiday allowances	340.80
Overhevelingstoeslag	84.54
	-----------------
	4,698.46
	-----------------
Social charges
Social charges	726.59
	-----------------

4.5.3 Other operational expenses

	2000
	-----------------
	EUR
Other staff expenses	376.14
Office expenses	1,175.50
General expenses	6,862.17
	-----------------
	8,413.81
	-----------------
Other staff expenses
Travel expenses staff	74.86
Travel expenses volunteers	301.28
	-----------------
	376.14
	-----------------
Office expenses
Office materials	44.92
Forwarding charges	123.88
Internet expenses	995.38
Computer expenses	11.32
	-----------------
	1,175.50
	-----------------
General expenses
Subscriptions & contributions	35.62
Conferences/courses	192.86
Accountancy fees	181.29
Consulting fees	6,273.02
Travel expenses board	172.58
Bank expenses	6.80
	-----------------
	6,862.17
	-----------------

4.5.4 Interest earned

	2000
	-----------------
	EUR
Credit interest Postbank N.V.	5.45
	-----------------

4.6 Allocation of net result 2000

In anticipation of a board decision to be taken, the net result over 2000 ad EUR 2,446.25 has been added to the reserve fund.