Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Log Watcher Daemon (logwatcherd) [GPLv3] http://cedric.dufour.name/software/lo…
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Type||Name||Latest commit message||Commit time|
|Failed to load latest commit information.|
Log Watcher Daemon (logwatcherd) ================================ The objective of the Log Watcher Daemon (logwatcherd) is to provide a simple and modular way to watch logs for specific events and take appropriate actions. It consists of a Python daemon that spawns multiple "watcher" threads, defined in a single configuration file. Each watcher consists of: - one "Producer", which generates data that may be of interest; e.g. watching the content of a log file - zero-to-many "Filter(s)", which extract meaningful data from the producer; e.g. looking for failed login attempts - zero-to-many "Conditioner(s)", which further filter or modify the data; e.g. excluding IP addresses from the LAN - one-to-many "Consumer(s)", which take actions based on that data; e.g. add an IP address to an iptables blacklist Producers, filters, conditioners and consumers are all plugins. A set of basic plugins are provided as part of the Log Watcher Daemon codebase: Producer plugins: - "Read": dump the content of a given file (cat ...) - "Tail": watch content being added to a given file (tail -F ...) Filter plugins: - "Grep": match data based on a given regular expression - "Awk": match data field based on a given regular expression Conditioner plugins: - "Sed": match (and replace) data based on a given regular expression Consumer plugins: - "Write": write or append data to a given file - "Mail": send data to a given e-mail recipient - "Syslog": log data to a given syslog facility Plugins are very easy and straight-forward to write and integrate with the Log Watcher Daemon, thus allowing users to address even the most exotic use cases. With ad-hoc watchers, the Log Watcher Dameon can be made a simple Intrusion Detection System. Coupled with dynamic firewall configuration (e.g. along iptables 'recent' module), it can become a simple Intrusion Prevention System. Have a look a the examples directory for a short how-to. On the other hand, the Log Watcher Daemon is not about performances and allowing to monitor a 10gb/s network link on a core routing host. Its goal is being lightweight and simple, and its purpose is being distributed on each host that provides some service (e.g. a virtual machine providing SSH remote access).