In [1]:
import psutil
import time
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler
import logging

In [5]:
logging.basicConfig(filename='hids.log', level=logging.INFO,
                    format='%(asctime)s - %(message)s', datefmt='%d-%b-%y %H:%M:%S')

In [7]:
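class FileHandler(FileSystemEventHandler):
    """Write every file-level watchdog event to the HIDS log.

    Directory events are dropped; each remaining event becomes one INFO
    line carrying the event type and the path(s) involved.
    """

    @staticmethod
    def _clean(path) -> str:
        """Escape CR/LF in a path so a crafted file name cannot forge extra log records.

        File names are chosen by whoever created the file, i.e. they are
        untrusted input that ends up verbatim in a security log.
        """
        return str(path).replace('\r', '\\r').replace('\n', '\\n')

    def on_any_event(self, event):
        """Log ``event`` unless it concerns a directory.

        Args:
            event: a watchdog ``FileSystemEvent``. ``src_path`` is always
                present; a move/rename additionally carries ``dest_path``,
                which the original code dropped, leaving only the vanished name.
        """
        if event.is_directory:
            return
        line = f"File system event: {event.event_type} - {self._clean(event.src_path)}"
        # Older watchdog versions only define dest_path on moved events.
        dest = getattr(event, 'dest_path', None)
        if dest:
            line += f" -> {self._clean(dest)}"
        # NOTE(review): if hids.log lives inside the watched tree, each write
        # here is itself an event and gets logged again — keep the log outside
        # the watched path or filter it out here.
        logging.info(line)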

In [9]:
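def monitor_processes() -> None:
    """Write one INFO line per running process: name, PID and owning user.

    This is a full snapshot, not a diff — every call re-logs every process,
    so with the 60 s loop in ``main`` the log grows by one line per process
    per minute. Processes that vanish mid-sweep or are off-limits to this
    account are skipped; fields psutil could not read (typically
    ``username`` for system processes, which then shows as ``None``) are
    logged as-is rather than aborting the sweep.
    """
    for proc in psutil.process_iter(['pid', 'name', 'username']):
        try:
            info = proc.info
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
            # Best-effort by design: a process that disappeared is not an error.
            continue
        # A process picks its own name, so treat it as untrusted: escape CR/LF
        # so it cannot inject fake records into the HIDS log.
        name = str(info['name']).replace('\r', '\\r').replace('\n', '\\n')
        logging.info(f"Process: {name} (PID: {info['pid']}) - User: {info['username']}")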

In [11]:
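def monitor_network() -> None:
    """Write one INFO line per socket reported by ``psutil.net_connections()``.

    Each line carries local address, remote address, state and owning PID.
    ``raddr`` is an empty tuple for sockets without a peer (e.g. listeners)
    and ``pid`` may be ``None`` when psutil cannot attribute the socket.

    On some platforms enumerating all sockets needs elevated privileges and
    psutil raises ``AccessDenied``; that is logged as a warning and the sweep
    is skipped, instead of the exception unwinding the loop in ``main``.
    """
    try:
        connections = psutil.net_connections()
    except psutil.AccessDenied:
        logging.warning("Network connection enumeration denied - insufficient privileges")
        return
    for conn in connections:
        logging.info(
            f"Network connection: {conn.laddr} -> {conn.raddr} - {conn.status} - PID: {conn.pid}"
        )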

In [19]:
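def main(path: str = "E:/Projects/IDS", interval: float = 60) -> None:
    """Run the host monitor until interrupted.

    Starts a recursive watchdog observer on ``path`` (file events are logged
    by ``FileHandler`` as they arrive) and, every ``interval`` seconds, takes
    a process and network snapshot via ``monitor_processes`` and
    ``monitor_network``.

    Args:
        path: directory tree to watch. Defaults to the location that was
            hard-coded before; pass your own instead of editing the code.
        interval: seconds to sleep between snapshots.

    The observer is stopped and joined on every exit path: a Ctrl-C /
    kernel interrupt ends the run quietly, any other exception is logged
    and re-raised (previously it left the observer thread running).
    """
    observer = Observer()
    observer.schedule(FileHandler(), path, recursive=True)
    observer.start()
    # NOTE(review): hids.log is written to the working directory; if that is
    # inside ``path`` every log write is itself a watched event.
    try:
        while True:
            monitor_processes()
            monitor_network()
            time.sleep(interval)
    except KeyboardInterrupt:
        pass  # the expected way to stop the loop in a notebook
    except Exception:
        logging.exception("Monitoring loop aborted")
        raise
    finally:
        observer.stop()
        observer.join()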

In [21]:
# In an IPython kernel __name__ is "__main__", so this cell starts the monitor
# right away and blocks until the kernel is interrupted; the log-reading cell
# below only runs after that.
if __name__ == "__main__":
    main()

In [23]:
# Show what was captured so far. hids.log is read from the working directory,
# the same place the logging setup wrote it.
# NOTE(review): the output embeds the hostname and local account names —
# redact before sharing or committing this notebook.
with open('hids.log', mode='r') as log_file:
    captured = log_file.read()
print(captured)

12-Aug-24 12:02:15 - Process: System Idle Process (PID: 0) - User: NT AUTHORITY\SYSTEM
12-Aug-24 12:02:15 - Process: System (PID: 4) - User: NT AUTHORITY\SYSTEM
12-Aug-24 12:02:15 - Process: Registry (PID: 100) - User: None
12-Aug-24 12:02:15 - Process: smss.exe (PID: 444) - User: None
12-Aug-24 12:02:15 - Process: WUDFHost.exe (PID: 480) - User: None
12-Aug-24 12:02:15 - Process: WhatsApp.exe (PID: 508) - User: DESKTOP-G1ABUKQ\BABIN
12-Aug-24 12:02:15 - Process: csrss.exe (PID: 656) - User: None
12-Aug-24 12:02:15 - Process: svchost.exe (PID: 660) - User: None
12-Aug-24 12:02:15 - Process: wininit.exe (PID: 760) - User: None
12-Aug-24 12:02:15 - Process: csrss.exe (PID: 768) - User: None
12-Aug-24 12:02:15 - Process: chrome.exe (PID: 772) - User: DESKTOP-G1ABUKQ\BABIN
12-Aug-24 12:02:15 - Process: services.exe (PID: 828) - User: None
12-Aug-24 12:02:15 - Process: lsass.exe (PID: 836) - User: None
12-Aug-24 12:02:15 - Process: svchost.exe (PID: 972) - User: None
12-Aug-24 12:02:15 - Pr