Yamac309/SentinelLite
SentinelLite

SentinelLite is a lightweight personal intrusion detection and log monitoring system. It parses authentication and process logs, applies rule-based threat detection, stores processed events and alerts locally, and exposes a simple Flask dashboard for demos.

Features

  • Parses simulated auth and process logs.
  • Detects brute-force login attempts.
  • Detects suspicious login times between 02:00 and 05:00.
  • Detects process launches outside a configurable safe list.
  • Stores processed logs and alerts as JSON Lines.
  • Locks simulated accounts once their accumulated severity points reach the lockout threshold and tells the user to contact their institution.
  • Supports one-time ingestion and live file monitoring.
  • Provides a web dashboard with severity and event filters.
  • Includes CLI summary mode for quick demos.

Quick Start

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python -m sentinellite.cli ingest --log-file sample_logs/sentinellite.log
python -m sentinellite.app

Open the dashboard at http://127.0.0.1:5000.

The interactive login simulator is available at http://127.0.0.1:5000/simulator. Submit logins there, then switch back to the dashboard to see logs and alerts refresh in real time.

Account lockouts use risk scoring per username. Most alerts use severity scoring: Low = 1, Medium = 3, High = 6. Off-hours login alerts are lighter and add only 1 point. Accounts lock at 10 points and are unlocked by the dashboard reset.

The simulator also lets you set each worker's assigned hours and choose a simulated event time. Suspicious-login detection compares that simulated timestamp against the worker schedule instead of relying on the current machine time.

Live Monitoring

python -m sentinellite.cli monitor --log-file sample_logs/sentinellite.log

In another terminal, append a line:

printf '2026-04-28T02:12:10Z host1 sshd: Failed password for invalid user root from 192.168.1.10\n' >> sample_logs/sentinellite.log

The monitor prints alerts as they are triggered and stores them under data/.

Tests

python -m unittest

Log Format

SentinelLite supports common Linux/macOS-style log text and a simple process format:

2026-04-28T10:00:01Z host1 sshd: Failed password for invalid user admin from 192.168.1.10
2026-04-28T10:01:10Z host1 sshd: Accepted password for alp from 10.0.0.5
2026-04-28T10:03:20Z host1 process: user=alp process=/usr/bin/python pid=4312
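To show how the three line shapes above map onto the rules and the per-username scoring described in the Quick Start (Low = 1, Medium = 3, High = 6, off-hours logins add 1, lock at 10), here is an added stand-alone example; it is not SentinelLite's own parser.py or detector.py, and the brute-force threshold, the safe process list and the severity assigned to each rule are constructed assumptions.

```python
import re
from datetime import datetime
# Added example, not SentinelLite's parser.py/detector.py: parse the line
# shapes above and apply the README's rules and per-user lockout scoring.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<src>\w+): (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)$")
PROC_RE = re.compile(r"^user=(?P<user>\S+) process=(?P<proc>\S+) pid=\d+$")
POINTS = {"Low": 1, "Medium": 3, "High": 6}          # severity points per README
LOCK_AT = 10                                           # lockout threshold per README
BRUTE_FORCE_FAILURES = 3                               # assumption: failures per user+ip
SAFE_PROCESSES = {"/usr/bin/python", "/usr/bin/ssh"}   # assumption: configurable safe list
SAMPLE = """\
2026-04-28T02:12:10Z host1 sshd: Failed password for invalid user root from 192.168.1.10
2026-04-28T02:12:15Z host1 sshd: Failed password for invalid user root from 192.168.1.10
2026-04-28T02:12:20Z host1 sshd: Failed password for invalid user root from 192.168.1.10
2026-04-28T02:13:02Z host1 sshd: Accepted password for root from 192.168.1.10
2026-04-28T10:03:20Z host1 process: user=alp process=/usr/bin/nc pid=4312
""".splitlines()  # constructed sample lines, not from the repository

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # text the parser does not understand is skipped
    ev = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": m["host"]}
    if m["src"] == "process":
        p = PROC_RE.match(m["msg"])
        return {**ev, "kind": "process", "user": p["user"], "proc": p["proc"]} if p else None
    a = AUTH_RE.match(m["msg"])  # kind becomes "failed" or "accepted"
    return {**ev, "kind": a["result"].lower(), "user": a["user"], "ip": a["ip"]} if a else None

def score(lines):  # returns (alerts, points per user, locked users)
    alerts, points, failures = [], {}, {}
    def add(rule, user, severity, pts):
        alerts.append((rule, user, severity))
        points[user] = points.get(user, 0) + pts
    for ev in filter(None, map(parse_line, lines)):
        if ev["kind"] == "process":
            if ev["proc"] not in SAFE_PROCESSES:
                add("unsafe_process", ev["user"], "Medium", POINTS["Medium"])
            continue
        if 2 <= ev["ts"].hour < 5:                    # 02:00-05:00 window, lighter: 1 point
            add("off_hours_login", ev["user"], "Low", 1)
        if ev["kind"] == "failed":
            key = (ev["user"], ev["ip"])
            failures[key] = failures.get(key, 0) + 1
            if failures[key] == BRUTE_FORCE_FAILURES:  # fire once per user+ip
                add("brute_force", ev["user"], "High", POINTS["High"])
    locked = {u for u, p in points.items() if p >= LOCK_AT}
    return alerts, points, locked
```

Running `score(SAMPLE)` locks `root` (three off-hours failures, the brute-force alert and an off-hours success reach 10 points) while `alp` sits at 3 for the unlisted process.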

Project Structure

sentinellite/
  app.py         Flask dashboard and API
  cli.py         Ingest, monitor, and summary commands
  config.py      Rule thresholds and safe process list
  detector.py    Rule-based threat detection
  monitor.py     Batch and live file processing
  parser.py      Log parsing engine
  storage.py     JSONL persistence
templates/
static/
sample_logs/
data/
