Security log is a high-performance access log analyzer for OWASP Top 10 attacks (well, only the part that can be detected from access logs). This project was created as part of my bachelor thesis.
Download precompiled binary for Ubuntu
- analyse web access logs
- nginx / apache format
- reading from file or elasticsearch
- reporting using email
- running as a daemon
Configurable using config stored in /etc/security-log/config.yaml
Input types:
- elasticsearch
- file path
Output types / Incident reporting
- std
- email
Server type
- nginx
- apache
Apache, Elasticsearch, with output to std:
```yaml
tag: Config
serverType: Apache
input:
  tag: Elastic
  size: 10
  ip: http://localhost:9200
output:
  tag: Std
asDaemon: false
```
Nginx, file, with output to email, running as a daemon:
```yaml
tag: Config
serverType: Nginx
input:
  tag: File
  content: /logs/apache/acces_log
output:
  tag: Email
  content: test@me.com
asDaemon: true
```
Install Haskell Stack with
```bash
curl -sSL https://get.haskellstack.org/ | sh
```
Compile using
```bash
stack build
```