Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://echothrust.github.io/echofish/

Central syslog manager with whitelisting and ability to generate events from syslog entries
https://echothrust.github.io/echofish/

administrator php syslog syslog-entries whitelist

Last synced: about 2 months ago
JSON representation

Central syslog manager with whitelisting and ability to generate events from syslog entries

Host: GitHub
URL: https://echothrust.github.io/echofish/
Owner: echothrust
Created: 2013-06-04T14:03:54.000Z (over 11 years ago)
Default Branch: master
Last Pushed: 2020-04-14T11:30:19.000Z (over 4 years ago)
Last Synced: 2024-06-05T14:38:03.372Z (4 months ago)
Topics: administrator, php, syslog, syslog-entries, whitelist
Language: PHP
Size: 12.7 MB
Stars: 82
Watchers: 18
Forks: 20
Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml

Awesome Lists containing this project

Self-Hosting-Guide - Echofish - A web based real-time event log aggregation, analysis, monitoring and management system. (Install from Source / Log Management)

README

# Echofish Syslog manager

Central syslog management console with whitelisting feature and ability to
generate events from syslog entries.

## Description

Echofish is a web based real-time event log aggregation, monitoring and
management system, developed in php and mysql, with functionality based on the
excellent idea/paper of [Marcus J. Ranum, "Artificial Ignorance"](http://www.ranum.com/security/computer_security/papers/ai/).

Through a simple dashboard, Echofish provides a single view for the
administrators to monitor system and application events. Echofish allows the
creation of whitelists and filters to provide administrators with a unique and
customized view of their systems' event messages. Through detailed reports,
alerting and notifications, Echofish is able to deliver new levels of
visibility and insight on your business IT infrastructure.

## How Echofish differs
Echofish focuses around the fact that:

* daily operators need to be able to see what happens on their network.
* syslog messages are events that need to be addressed.
* similar events don't need to be addressed separately.
* there is no need to be worried about events that are known to be good
(whitelisted).
* once all the whitelisted entries are gone, we are left with mostly important
messages that need our attention.

## Beneath the hood
When a message is received by syslog it gets written into a specific table of
the echofish database.

Upon INSERT on that table, special triggers and events take over, in order to
inspect the message parameters and decide -based on your rules- whether the
message is worthy of your attention or it needs to be discarded.

On top of that, you can create triggers that allow you to achieve certain
explicit tasks such as:

* After 10 failed ssh logins issue a syslog warning about brute force
attempt and report the attacker's IP
* If [email protected] usually logs from 1.2.3.x network and now he's
appearing from Korea notify me
* Issue an alert if the ssh logins on the servers are not from the admin's IP

You can find configuration samples, installation recipes and other usefull
information in the `contrib/` folder.