SL4NT 3.x can be extended by using custom extension objects which are implemented as ActiveX objects. SL4NT supports two different types of custom extension objects:

Custom Evaluator Objects

Custom evaluator objects implement the ISL4NTCustomRuleCondition interface and can be associated with rules. They can be used to read and write all information elements (including custom fields) of a syslog message and to control rule evaluation. For example, such an object could be used to parse the raw message text of a syslog message and store the decoded data in custom fields for further processing by actions.

Custom Action Handler Objects

Custom action handler objects implement the ISL4NTCustomAction interface and are used by actions of type Execute Custom Handler Action. They can be used to read (but not write) all information elements (including custom fields) of a syslog message and perform arbitrary processing on them.

There is a free Software Development Kit (SDK) available for anyone who wants to develop his own custom extension objects. This SDK contains support files needed for developing extension objects in C++ (.IDL, .H), documentation and working samples in Visual Basic and Visual C++.