Realeyes Technology

Real eyes

Live Demos

The following links to youtube or the ogg theora file provide demonstrations of the Realeyes IDS in action.

Installation Demo (ogg theora)
Installing and configuring the Realeyes IDS application.

Analysis Demo (ogg theora)
Using the Realeyes IDS user interface to analyze captured sessions and study trends of them.

Rules Demo (ogg theora)
Defining rules for the Realeyes IDS.

Live Capture Demo (ogg theora)
Defining rules for the Realeyes IDS and capturing session data with them.

Advanced Topics Demo (ogg theora) Several of the new features in version 0.9.5 that enhance the usability of the Realeyes IDS.


Realeyes AE and IDS
The Realeyes analysis engine is a C library of functions that can be used to build applications for performing sophisticated analysis of large data streams. The Realeyes IDS is the first application built using the Realeyes analysis engine, which allows it to maintain state information about TCP/IP sessions. This slideshow presents how the technology is implemented.

Realeyes GUI
The Realeyes IDS user interface is where the data is analyzed. This slideshow presents the features of the user interface and includes many screenshots. Logo

The Realeyes analysis engine is a C library of functions that maintain state information and analysis results about streams of data. Applications may be built on it to search for complex patterns and then output information about the data or even transform it. It has been tested on several Linux distributions but should run on any Unix system.

The first application that has been developed using the library is a network Intrusion Detection System (IDS). It captures and analyzes full sessions from live traffic or pcap files. There may be multiple signatures in a single rule, and these may be in opposite halves of a TCP session.

The detected records are transferred to a database interface and inserted into a PostgreSQL database. The database also maintains configuration information which can be sent to the IDS hosts for dynamic reconfiguration. The database interface can communicate with one or more hosts.

The user interface is a Java application using the Standard Widget Toolkit from the Eclipse project, which has been tested on several Linux distributions and Microsoft Windows. It is used to administer the application as well as to analyze detected network traffic and create reports for supporting a secure environment.

Developers are welcome. See the Developers page for a description of how to contribute, and the project Roadmap for a list of what needs to be done.

All Realeyes technologies are licensed under GPLv3 and are originally developed on the GNU/Linux v2.6 operating system.

Release Descriptions

Each release of the Realeyes IDS has added new features and improved reliability. The highlights are described in the Release Descriptions. The complete list of features is quite extensive.


While the current state of Realeyes is very functional, there is much to be done to make it even better. The Roadmap describes plans for the near and medium term.