	F.L.A.G - Forensic Log Analysis GUI


This application is designed to assist IT security professionals with analysing
log files and tcpdump capture files for forensic evidence.

INSTALLATION

F.L.A.G is designed to run on Linux and has been tested on Red Hat 7.3, 8.0 and
Debian 3.0 stable. It should work on any Unix-like operating system. Flag needs
a full installation of Perl.

Prior to installing Flag you will need a working installation of MySQL as well
as a MySQL user that is allowed to create and drop databases (typically the
MySQL root user).  The installation process will recompile and install a
modified version of tethereal in the Flag binary directory. In order for this
process to succeed, the headers for glib and pcap must be installed. These are
named libglib-dev and libpcap-dev on Debian; the corresponding Red Hat package
names are listed below.

In addition to MySQL, Flag uses the graphing package graphviz for
visualization. If you want to use visualization, install graphviz (a source
tarball is provided with the Flag tarball, or go to
http://www.research.att.com/sw/tools/graphviz/). Flag requires the Scalable
Vector Graphics (SVG) language to render diagrams.  You can download a viewer
from Adobe on http://www.adobe.com/svg/.  There are also a number of open
source SVG viewers, and Mozilla should have native SVG support in the next
major release.

F.L.A.G requires a number of libraries to be installed.  On Red Hat 8.0 these
will appear as follows:

	glib-devel-1.2.10-8 
	libpng-devel-1.2.2-6 
	libpcap-0.6.2-16

To install F.L.A.G run the install.flag file as below:

	./install.flag

It will create the F.L.A.G database, install additional applications and Perl
modules, and copy the Flag files into a Flag installation directory.
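The prerequisites above (Perl, a MySQL user able to create and drop databases,
the glib and pcap headers needed to rebuild tethereal, and optionally graphviz)
can be checked before running install.flag. The following pre-flight script is
an added example and is not part of the F.L.A.G distribution; the include
directories, the header file names, the assumption that gcc is the C compiler
used for the rebuild, and the way the MySQL privilege is probed are all
assumptions of the example rather than facts stated in this README.

```sh
#!/bin/sh
# Pre-flight check for the F.L.A.G prerequisites listed in the README.
# Added example, not part of F.L.A.G. Header locations, the gcc assumption
# and the MySQL privilege probe are assumptions of this script.

# have_cmd NAME: succeed if NAME can be found on PATH
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# have_header FILE DIR...: succeed if FILE exists under any of the listed
# include directories (e.g. pcap.h under /usr/include)
have_header() {
    hdr=$1
    shift
    for d in "$@"; do
        [ -f "$d/$hdr" ] && return 0
    done
    return 1
}

# mysql_can_create_db USER: probe the create/drop privilege the installer
# needs by creating and immediately dropping a throwaway database. The
# password comes from ~/.my.cnf or $MYSQL_PWD, so it is never on the
# command line (and therefore not visible in `ps` or the shell history).
mysql_can_create_db() {
    db="flag_preflight_$$"
    mysql -u "$1" -e "CREATE DATABASE $db; DROP DATABASE $db;" >/dev/null 2>&1
}

# preflight MYSQLUSER: run every check, print one line per check and
# return 0 only if all required checks pass
preflight() {
    rc=0
    inc="/usr/include /usr/local/include"

    # perl for Flag itself, mysql client for the privilege probe,
    # gcc (assumed) to rebuild tethereal
    for c in perl mysql gcc; do
        if have_cmd "$c"; then echo "ok      $c found"
        else echo "MISSING $c"; rc=1; fi
    done

    # glib 1.2 typically installs glib.h under a glib-1.2/ subdirectory;
    # pcap installs pcap.h directly (both locations are assumptions)
    if have_header glib.h $inc /usr/include/glib-1.2 /usr/lib/glib/include; then
        echo "ok      glib headers"
    else echo "MISSING glib headers (libglib-dev / glib-devel)"; rc=1; fi

    if have_header pcap.h $inc; then echo "ok      pcap headers"
    else echo "MISSING pcap headers (libpcap-dev / libpcap)"; rc=1; fi

    if mysql_can_create_db "$1"; then
        echo "ok      mysql user $1 can create/drop databases"
    else echo "FAIL    mysql user $1 cannot create/drop databases"; rc=1; fi

    # graphviz is only needed for visualization: warn, do not fail
    if have_cmd dot; then echo "ok      graphviz (dot) found"
    else echo "warn    graphviz not found; visualization will be unavailable"; fi

    return $rc
}

# Usage: sh flag-preflight.sh MYSQLUSER && ./install.flag
if [ -n "${1:-}" ]; then
    preflight "$1"
fi
```

Run it as `sh flag-preflight.sh root && ./install.flag` so the installer only
starts once every required check has passed; the graphviz check is a warning
only because the README treats visualization as optional.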

If you have any recommendations or problems with F.L.A.G please contact us on
infosechelp@dsd.gov.au.
