{"id":23977152,"url":"https://github.com/kernelschmelze/porkpie","last_synced_at":"2026-05-17T03:02:57.796Z","repository":{"id":56854279,"uuid":"284283545","full_name":"kernelschmelze/porkpie","owner":"kernelschmelze","description":"snort unified log spool reader with slack or pushover notification","archived":false,"fork":false,"pushed_at":"2022-11-30T19:15:56.000Z","size":57,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-24T17:32:01.010Z","etag":null,"topics":["geoip","pushover","slack","snort","spoolreader","unified"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kernelschmelze.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-01T15:11:57.000Z","updated_at":"2022-12-16T16:45:51.000Z","dependencies_parsed_at":"2022-09-21T11:12:11.223Z","dependency_job_id":null,"html_url":"https://github.com/kernelschmelze/porkpie","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kernelschmelze/porkpie","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kernelschmelze%2Fporkpie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kernelschmelze%2Fporkpie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kernelschmelze%2Fporkpie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kernelschmelze%2Fporkpie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kernelschmelze","download_url":"https:/
/codeload.github.com/kernelschmelze/porkpie/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kernelschmelze%2Fporkpie/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33126085,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-16T18:38:32.183Z","status":"online","status_checked_at":"2026-05-17T02:00:05.366Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["geoip","pushover","slack","snort","spoolreader","unified"],"created_at":"2025-01-07T07:29:12.341Z","updated_at":"2026-05-17T03:02:57.746Z","avatar_url":"https://github.com/kernelschmelze.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"### porkpie\n\nPorkpie is a snort unified log spool reader that translates snort events into human readable form and delivers them as slack, pushover and local mail messages. Configuration settings are applied in real time, changes to the sidmap file are automatically detected and re-read. 
There is no need to restart the program.\n  \n\n### build from source\n\n`go get github.com/kernelschmelze/porkpie`\n\n### setup\n\nMake sure that the `config.toml` file is located in the working directory. Because it holds the Slack and Pushover tokens, keep it readable only by the user porkpie runs as.\n  \n\n``` bash\ngokay@mazikeen ~/porkpie\n# ll\ntotal 70096\n-rw-r--r-- 1 gokay gokay      539 Aug  2 10:53 config.toml\n-rw-r--r-- 1 gokay gokay 62534967 Jul 26 13:23 GeoLite2-City.mmdb\n-rwxr-x--x 1 gokay gokay  9234917 Aug  1 17:38 porkpie\n```\n\n`config.toml`  \n\n``` toml\n\n[filter]\n  pattern = [\"1:2525017\", \"1:10000001\", \"1:2525016\"]\n\n[geoip]\n  geodb = \"./GeoLite2-City.mmdb\"\n\n[ip2asn]\n  db = \"./ip2asn-combined.tsv.gz\"\n\n[mail]\n  server = \"127.0.0.1:25\"\n\n  [mail.from]\n    address = \"snort@localhost\"\n    name = \"snort\"\n\n  [mail.to]\n    address = \"root@localhost\"\n    name = \"root\"\n\n[reader]\n  fileprefix = \"snort.u2\"\n  path = \"/var/log/snort\"\n\n[sidmap]\n  maps = [\"/etc/snort/sid-msg.map\"]\n\n[slack]\n  channel = \"ids\"\n  token = \"\u003cyour slack token\u003e\"\n\n[pushover]\n  app = \"\u003cyour API token\u003e\"\n  user = \"\u003cyour user key\u003e\"\n\n```\n\n\n### install as service\n\n`porkpie.service`  \n\n\n``` ini\n[Unit]\nDescription=snort notify\nWants=network.target\nAfter=network.target\n\n[Service]\nType=simple\nPermissionsStartOnly=true\nWorkingDirectory=/home/gokay/porkpie\nExecStart=/home/gokay/porkpie/porkpie\nRestart=always\nRestartSec=5\nStandardOutput=syslog\nStandardError=syslog\nSyslogIdentifier=porkpie\n\n[Install]\nWantedBy=multi-user.target\n```\n\n``` bash\nsudo cp porkpie.service /lib/systemd/system/.\n# unit files are configuration, not executables: systemd warns when one is marked executable\nsudo chmod 644 /lib/systemd/system/porkpie.service\nsudo systemctl enable porkpie.service\nsudo systemctl start porkpie\n```\n\n### extend porkpie with your own cool plugin\n\n``` go\npackage main\n\nimport (\n\t...\n\n\t_ \"github.com/kernelschmelze/porkpie/plugin/yourplugin\"\t\n\n\t...\n)\n\n```\n\n``` go\npackage yourplugin\n\nimport 
(\n\n\t\"github.com/kernelschmelze/pkg/plugin/plugin/base\"\n\t\"github.com/kernelschmelze/porkpie/ids\"\n\n\tlog \"github.com/kernelschmelze/pkg/logger\"\n)\n\ntype config struct {\n\tKey string\n}\n\ntype Plugin struct {\n\t*plugin.PluginBase\n}\n\nfunc init() {\n\tNew()\n}\n\nfunc New() *Plugin {\n\n\tp := \u0026Plugin{\n\t\tplugin.NewPluginWithPriority(950),\n\t}\n\n\terr := p.Init(plugin.PluginConfig{\n\t\tp,\n\t\tp.start, \t // plugin start callback\n\t\tp.stop, \t // plugin stop callback\n\t\tp.configure, // config changed callback\n\t\tp.do,\t\t // do something with the snort record\n\t\t\u0026config{},\t // your config object\n\t})\n\n\tif err != nil {\n\t\tlog.Errorf(\"init plugin '%T' failed, err=%s\", p, err)\n\t}\n\n\treturn p\n}\n\nfunc (p *Plugin) start() error {\n\n\tlog.Infof(\"start %T\", p)\n\n\treturn nil\n}\n\nfunc (p *Plugin) stop() error {\n\n\tlog.Infof(\"stop %T\", p)\n\n\treturn nil\n}\n\nfunc (p *Plugin) configure(v interface{}) {\n\n\tif config, ok := v.(*config); ok {\n\n\t\t// do some cool stuff with your config.Key\n\n\t}\n\n}\n\nfunc (p *Plugin) do(v interface{}) error {\n\n\tswitch data := v.(type) {\n\n\tcase *ids.Record:\n\n\t\tif !data.IsValid() || data.Drop {\n\t\t\treturn nil\n\t\t}\n\n\t\t// do some cool stuff with the snort record\n\n\t}\n\n\treturn nil\n}\n\n\n```\n\n### hints\n  \n\nMake sure that the snort output plugin for unified2 is enabled.  \n  \n`snort.conf`  \n\n```conf\n###################################################\n# Step #6: Configure output plugins\n# For more information, see Snort Manual, Configuring Snort - Output Modules\n###################################################\n\n# unified2 \n# Recommended for most installs\n# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types\noutput unified2: filename snort.u2, limit 128\n\n```  \n  \n Make sure that porkpie is running in a user context that has read permissions on the snort log directory.  
\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkernelschmelze%2Fporkpie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkernelschmelze%2Fporkpie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkernelschmelze%2Fporkpie/lists"}