Apache Real Time Logs Analyzer System
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
etc
example
images
template
LICENSE
README.md
artlas.py Update artlas.py Jun 14, 2016
requirements.txt
syslog_client.py

README.md

ARTLAS Apache Real Time Logs Analyzer System

Real time Apache log analyzer, based on top 10 OWASP vulnerabilities, identifies attempts of exploration in your web application, and notify you or your incident team on Telegram, Zabbix and Syslog/SIEM.

ARTLAS uses the regular expression from the PHP-IDS project, to identify the attempts of exploration, download link to the latest version of the file Download File

ChangeLog

-Added CEF for syslog and SIEM
-Added option to connect in syslog servers or SIEM’s
-Added Zabbix integration with differents triggers
-Code review added class structure
-Added vhost capability
-Added verbose outup enabled
-Zabbix Notifications bugs fixed

Supported Output

Zabbix Version 2.4 and 3.0
SySlog
SIEM
Telegram

Supported web servers

Apache
Apache vHost
Nginx
Nginx vHost

Installation

Clone project
git clone https://github.com/mthbernardes/ARTLAS.git

Install dependencies pip install -r dependencies.txt python version 2.7.11(lastet)

Install screen sudo apt-get install screen #Debian Like sbopkg -i screen # Slackware 14.* yum install screen # CentOS/RHEL
dnf install screeen # Fedora

screen tutorial [pt_Br]

Configuration

All your configurations will be made in etc/artlas.conf file.

TELEGRAM INTEGRATION [Telegram] api = Your Token API group_id = Group/User ID that will receive the notifications enable = True to send notificantions or False to not send.

ZABBIX CONFIGURATION [Zabbix] server_name = hostname of the server in zabbix agentd_config = Zabbix agent configuration file enable_advantage_keys = True or False to use advanced triggers notifications = true to enable or false to disable triggers notifications enable = true to enable or false to disable

SYSLOG/SIEM CONFIGURATION [CEF_Syslog] server_name = IP or Hostname SySlog/SIEM server enable = True or False to enable

GENERAL CONFIGURATION [General] apache_log = Full path apache access.log apache_mask = Mask to identify the fields in the apache access log vhost_enable = True to enable or False to disable vhosts rules = etc/default_filter.json It's the file that contains the OWASP filter [Do not Change]

How to start

screen -S artlas
python artlas.py
CTRL+A+D

Team

Matheus Bernardes a.k.a. G4mbler
Henrique Gonçalves a.k.a. Kamus Hadenes
André Déo