The Mentat system has been designed as a distributed modular system with an emphasis on easy extensibility and scalability. The core of the system reflects the architecture of the Postfix MTA. It consists of many simple modules/daemons, each of which is responsible for performing a particular task. This approach enables smooth parallelization and extensibility. All modules use the same core service framework, which makes implementing new modules an easy task.
The original Mentat design presupposed features and tools for collating and sharing security information. This function has, however, later been taken over by a twin project, Warden, with slightly humbler ambitions and a simpler but ultimately better design. At present, the Warden system has established itself as a single communication channel for sharing security information, and the Mentat system as a tool for streamlined security information processing. Mentat's source code still contains some remnants of protocols and components for data sharing between remote nodes.
The diagram below provides an overview of the existing architecture of the Mentat system.
The Mentat system consists of tools for processing events both in real time and retrospectively over a particular period of time. At present, the following modules for real-time processing are available:
Most features enabling retrospective event processing are based on regularly re-launched scripts (i.e. cron jobs). At present, the following features enabling retrospective event processing are available:
The last important components of the system are administrative interfaces:
As mentioned above, all system features, including continuously running daemons and periodically launched scripts, use a simple implementation framework which provides all common actions:
All continuously running daemons operate as 'pipes', i.e. the report enters on one side, the daemon performs the relevant operations and the report reappears on the other side. To facilitate report exchange between individual daemons, the file system is used, with queues implemented by means of files and directories, as in the Postfix MTA. All daemons therefore use the predefined feature Mentat::Processor, which takes care of correct, easy and configurable configuration loading, logging setup, daemonisation, launching the processing using the event service, clean shutdown, etc. When implementing a new daemon, one only needs to configure the processing; everything else is provided automatically, including the selection of a report from the queue and its subsequent placement into the queue of the next daemon in the processing chain.
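The pipe pattern described above, as an added sketch in Python; it is not Mentat's own code and does not reproduce Mentat::Processor. The subdirectory names (`tmp`, `incoming`, `pending`, `errors`), the JSON report format and all function names are assumptions made for illustration. It shows the property that matters in such a chain: a report is handed over by an atomic rename, so the next daemon never reads a half-written file, and an unparsable report is quarantined instead of being passed on.

```python
import json
import os
import uuid
from pathlib import Path

SUBDIRS = ("tmp", "incoming", "pending", "errors")  # assumed layout, not Mentat's

def init_queue(root):
    """Create the directory structure of one daemon's queue."""
    root = Path(root)
    for sub in SUBDIRS:
        (root / sub).mkdir(parents=True, exist_ok=True)
    return root

def enqueue(queue, report):
    """Write into tmp/ first, then rename into incoming/ in one atomic step."""
    name = uuid.uuid4().hex + ".json"
    tmp_path = queue / "tmp" / name
    with open(tmp_path, "w", encoding="utf-8") as fh:
        json.dump(report, fh)
        fh.flush()
        os.fsync(fh.fileno())  # content is on disk before it becomes visible
    os.rename(tmp_path, queue / "incoming" / name)
    return name

def process_one(queue, next_queue, handler):
    """Claim one report, run handler on it, pass the result down the chain.

    Returns the claimed file name, or None when the queue is empty."""
    for path in sorted((queue / "incoming").iterdir()):
        claimed = queue / "pending" / path.name
        try:
            os.rename(path, claimed)  # atomic claim; only one worker wins
        except FileNotFoundError:
            continue  # another worker took this report, try the next one
        try:
            report = json.loads(claimed.read_text(encoding="utf-8"))
            result = handler(report)
        except Exception:
            # Malformed report or failing handler: quarantine, do not forward.
            os.rename(claimed, queue / "errors" / path.name)
            return path.name
        if result is not None:  # a handler may drop a report by returning None
            enqueue(next_queue, result)
        claimed.unlink()
        return path.name
    return None
```

Both renames stay inside one queue root, so they remain on a single file system, which is what makes them atomic.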