https://github.com/hrvolapeter/security-log
High performance, attack detection from web server logs.
- Host: GitHub
- URL: https://github.com/hrvolapeter/security-log
- Owner: hrvolapeter
- License: gpl-3.0
- Created: 2017-06-04T20:21:16.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2019-05-16T10:24:17.000Z (over 6 years ago)
- Last Synced: 2025-02-25T06:51:16.366Z (11 months ago)
- Topics: analyzer, apache, attack-detection, fast, haskell, logs, nginx, object-reference, real-time, security, security-tools, sql-injection, xss-detection
- Language: Haskell
- Homepage:
- Size: 55.7 KB
- Stars: 11
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: security-log.cabal
README
# Security log 🔒🔒🔒
Security log is a high performance access log analyzer for OWASP TOP 10 attacks (well, only the part that can be detected from access logs 😉). This project was created as part of my bachelor thesis.
[Download](https://github.com/retep007/security-log/archive/latest.zip) precompiled binary for Ubuntu
## Contents
- [Features](#features)
- [Options](#options-%EF%B8%8F)
- [Building from source](#building-from-source)
## Features
- analyse web access logs
- nginx / apache format
- reading from file or elasticsearch
- reporting using email ✉️
- running as a daemon 👻
## Options ⌨️
Configurable using config stored in `/etc/security-log/config.yaml`
**Input types:** 🕸
* 🕵️ elasticsearch
* 📂 file path
**Output types / Incident reporting** #️⃣
* ➥ std
* ✉️ email
**Server type**
* nginx
* apache
Apache, elasticsearch with output to std
```yaml
tag: Config
serverType: Apache
input:
  tag: Elastic
  size: 10
  ip: http://localhost:9200
output:
  tag: Std
asDaemon: false
```
Nginx, file, with output to email, running as a daemon
```yaml
tag: Config
serverType: Nginx
input:
  tag: File
  content: /logs/apache/acces_log
output:
  tag: Email
  content: test@me.com
asDaemon: true
```
## Building From Source
Install haskell [stack](https://docs.haskellstack.org/en/stable/install_and_upgrade/) with
```bash
curl -sSL https://get.haskellstack.org/ | sh
```
Compile using
```bash
stack build
```