{"id":13525568,"url":"https://echothrust.github.io/echofish/","last_synced_at":"2025-04-01T05:32:01.622Z","repository":{"id":8789137,"uuid":"10479995","full_name":"echothrust/echofish","owner":"echothrust","description":"Central syslog manager with whitelisting and ability to generate events from syslog entries","archived":false,"fork":false,"pushed_at":"2020-04-14T11:30:19.000Z","size":13352,"stargazers_count":82,"open_issues_count":1,"forks_count":20,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-08-02T06:17:41.382Z","etag":null,"topics":["administrator","php","syslog","syslog-entries","whitelist"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/echothrust.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"echothrust","patreon":"echothrust"}},"created_at":"2013-06-04T14:03:54.000Z","updated_at":"2024-01-30T14:44:33.000Z","dependencies_parsed_at":"2022-09-24T00:23:03.974Z","dependency_job_id":null,"html_url":"https://github.com/echothrust/echofish","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echothrust%2Fechofish","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echothrust%2Fechofish/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echothrust%2Fechofish/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/echothrust%2Fechofish/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/echothrust","download_url":"https://codeload.github.com/echothrust/echofish/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222703670,"owners_count":17025835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["administrator","php","syslog","syslog-entries","whitelist"],"created_at":"2024-08-01T06:01:20.017Z","updated_at":"2024-11-02T10:30:44.902Z","avatar_url":"https://github.com/echothrust.png","language":"PHP","readme":"# Echofish Syslog manager\r\n\r\nCentral syslog management console with whitelisting feature and ability to \r\ngenerate events from syslog entries.\r\n\r\n## Description\r\n\r\nEchofish is a web based real-time event log aggregation, monitoring and \r\nmanagement system, developed in php and mysql, with functionality based on the \r\nexcellent idea/paper of [Marcus J. Ranum, \"Artificial Ignorance\"](http://www.ranum.com/security/computer_security/papers/ai/). \r\n\r\nThrough a simple dashboard, Echofish provides a single view for the \r\nadministrators to monitor system and application events. Echofish allows the \r\ncreation of whitelists and filters to provide administrators with a unique and \r\ncustomized view of their systems' event messages. Through detailed reports, \r\nalerting and notifications, Echofish is able to deliver new levels of \r\nvisibility and insight on your business IT infrastructure.\r\n\r\n## How Echofish differs\r\nEchofish focuses around the fact that:\r\n\r\n* daily operators need to be able to see what happens on their network.\r\n* syslog messages are events that need to be addressed.\r\n* similar events don't need to be addressed separately.\r\n* there is no need to be worried about events that are known to be good \r\n  (whitelisted).\r\n* once all the whitelisted entries are gone, we are left with mostly important \r\n  messages that need our attention.\r\n\r\n## Beneath the hood\r\nWhen a message is received by syslog it gets written into a specific table of \r\nthe echofish database.\r\n\r\nUpon INSERT on that table, special triggers and events take over, in order to \r\ninspect the message parameters and decide -based on your rules- whether the \r\nmessage is worthy of your attention or it needs to be discarded.\r\n\r\nOn top of that, you can create triggers that allow you to achieve certain \r\nexplicit tasks such as:\r\n\r\n  * After 10 failed ssh logins issue a syslog warning about brute force \r\n    attempt and report the attacker's IP\r\n  * If user@example.com usually logs from 1.2.3.x network and now he's \r\n    appearing from Korea notify me\r\n  * Issue an alert if the ssh logins on the servers are not from the admin's IP\r\n\r\n\r\nYou can find configuration samples, installation recipes and other usefull \r\ninformation in the `contrib/` folder.\r\n\r\n","funding_links":["https://github.com/sponsors/echothrust","https://patreon.com/echothrust"],"categories":["Install from Source"],"sub_categories":["Log Management"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/echothrust.github.io%2Fechofish%2F","html_url":"https://awesome.ecosyste.ms/projects/echothrust.github.io%2Fechofish%2F","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/echothrust.github.io%2Fechofish%2F/lists"}