Panopticd is an anomaly log monitoring tool: easy, simple, and lightweight. It requires:
- Perl (> 5.20)
- Regexp::Assemble
- MIME::EncWords
- FindBin::libs
- Clone the repository (or unzip an archive of it).
% git clone https://github.com/frisky-gh/panopticd.git
- Set up rsyslog, syslog-ng or another logger to write its logs into ./panopticd/spool/targetlog/ .
ex) rsyslog.conf
$FileCreateMode 0644
$template SyslogDaily,"/home/frisky/panopticd/spool/targetlog/syslog_%$year%-%$month%-%$day%"
*.* ?SyslogDaily
- Installation complete.
- Copy known-good syslog files into ./panopticd/conf/pattern/ as sample logs (named *.samplelog).
% cp ./syslog.1 ./panopticd/conf/pattern/syslog-wellknown.samplelog
- Build patterns and patternsets from the sample logs.
% ./panopticd/bin/panopticctl build
- Copy the configuration files from the examples and edit them.
% cd ./panopticd/conf
% cp delivery.conf.example delivery.conf
% vi delivery.conf
% cp generate_pattern.conf.example generate_pattern.conf
% vi generate_pattern.conf
(continue...)
- Start panopticd.
% ./panopticd/bin/panopticd start
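The workflow above (sample logs in, a patternset of assembled regular expressions out, then every target-log line that matches nothing in the set reported as an anomaly) can be illustrated with a small standalone script. This is an added example, not panopticd's own code: the generalisation rules (timestamp, host, PID, IPv4 address, user name, number), the placeholder names and the sample log lines are all constructed for the illustration; panopticd's real rules live in generate_pattern.conf and are not reproduced here.

```python
import re

# Constructed "well-known" sample log (stand-in for syslog-wellknown.samplelog).
SAMPLE_LOG = """\
Mar  1 06:25:01 host1 CRON[12345]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 06:25:07 host1 sshd[22222]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar  1 06:30:01 host2 CRON[12351]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 06:31:44 host2 sshd[22301]: Disconnected from user alice 10.0.0.5 port 51234
"""

# Constructed target log (stand-in for a file under spool/targetlog/).
TARGET_LOG = """\
Mar  2 06:25:01 host1 CRON[13001]: (root) CMD (run-parts /etc/cron.hourly)
Mar  2 06:26:12 host1 sshd[23456]: Accepted publickey for bob from 10.0.0.9 port 40210 ssh2
Mar  2 06:27:03 host1 sshd[23460]: Failed password for invalid user admin from 203.0.113.7 port 44444 ssh2
Mar  2 06:27:05 host1 kernel: [12345.678901] usb 1-1: new high-speed USB device number 4 using xhci_hcd
"""

# Generalisation rules, applied in order, that turn a concrete line into a template.
# These are assumptions for this example, not panopticd's configured rules.
RULES = [
    (re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d "), "<TS> "),   # syslog timestamp
    (re.compile(r"^<TS> \S+ "), "<TS> <HOST> "),                           # host name
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IP>"),                   # IPv4 address
    (re.compile(r"\b(?:for|user) [a-z_][a-z0-9_-]*\b"),                    # user name after for/user
     lambda m: m.group(0).split()[0] + " <USER>"),
    (re.compile(r"\d+"), "<N>"),                                            # any remaining number
]

# Sub-patterns each placeholder expands to when a template becomes a regex.
PLACEHOLDER_RE = {
    "<TS>": r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d",
    "<HOST>": r"\S+",
    "<IP>": r"(?:\d{1,3}\.){3}\d{1,3}",
    "<USER>": r"[a-z_][a-z0-9_-]*",
    "<N>": r"\d+",
}


def templatize(line):
    """Replace variable fields in a log line with placeholders."""
    for pat, repl in RULES:
        line = pat.sub(repl, line)
    return line


def build_templates(sample_text):
    """Distinct templates seen in the sample log, in sorted order."""
    return sorted({templatize(l) for l in sample_text.splitlines() if l.strip()})


def template_to_regex(template):
    """Escape the literal text, then swap each placeholder for its sub-pattern."""
    out = re.escape(template)
    for ph, sub in PLACEHOLDER_RE.items():
        out = out.replace(re.escape(ph), sub)
    return out


def build_patternset(sample_text):
    """Assemble all sample templates into one alternation regex (the 'patternset')."""
    alternatives = (f"(?:{template_to_regex(t)})" for t in build_templates(sample_text))
    return re.compile("|".join(alternatives))


def find_anomalies(patternset, target_text):
    """Every non-empty target line that matches no known pattern is an anomaly."""
    return [l for l in target_text.splitlines() if l.strip() and not patternset.fullmatch(l)]


if __name__ == "__main__":
    ps = build_patternset(SAMPLE_LOG)
    for line in find_anomalies(ps, TARGET_LOG):
        print("ANOMALY:", line)
```

Running it reports the failed-password attempt and the kernel USB message, while the CRON entry and the login by a user never seen in the samples pass because the user-name rule generalised that field. That is the tuning trade-off behind any tool of this kind: generalise too little and every new PID, host or user is an "anomaly"; generalise too much and a genuinely new event slips through as a known pattern. The same applies to the rsyslog snippet above: the daily spool files are created 0644, so anyone on the host can read the logs being monitored; tightening that mode is worth considering if the logs carry sensitive data.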