a simple and modular way to watch logs and take appropriate actions
Author: Cédric Dufour <http://cedric.dufour.name>
Website: http://cedric.dufour.name/software/logwatcherd
The objective of the Log Watcher Daemon (logwatcherd) is to provide a simple, light-weight and modular way to watch logs for specific events and take appropriate actions.
It consists of a Python daemon that spawns multiple "watcher" threads, defined in a single configuration file.
Each watcher consists of:
Producers, filters, conditioners and consumers are all plugins. A set of basic plugins is provided as part of the Log Watcher Daemon codebase:
Producer plugins:
cat ...
tail -F ...
Filter plugins:
Conditioner plugins:
Consumer plugins:
Plugins are very easy and straight-forward to write and integrate with the Log Watcher Daemon, thus allowing users to address even the most exotic use cases.
With ad-hoc watchers, the Log Watcher Daemon can be made into a simple Intrusion Detection System. Coupled with dynamic firewall configuration (e.g. along with the iptables 'recent' module), it can become a simple Intrusion Prevention System. Have a look at the examples directory for a short how-to.
On the other hand, the Log Watcher Daemon is not about performance and is not meant to monitor a 10 Gb/s network link on a core routing host. Its goal is to be lightweight and simple, and its purpose is to be distributed on each host that provides some service (e.g. a virtual machine providing SSH remote access).
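To make the producer / filter / conditioner / consumer pipeline concrete for the SSH brute-force detection use case mentioned above, here is an added, self-contained Python illustration of that design. It is not logwatcherd's own plugin API or code: the function names, the constructed sshd log lines and the threshold rule are all assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation-range IPs, not real hosts).
SAMPLE_LOG = [
    "Jan 10 10:00:01 vm1 sshd[100]: Failed password for root from 192.0.2.10 port 5000 ssh2",
    "Jan 10 10:00:02 vm1 sshd[101]: Accepted publickey for alice from 198.51.100.5 port 5001 ssh2",
    "Jan 10 10:00:03 vm1 sshd[102]: Failed password for root from 192.0.2.10 port 5002 ssh2",
    "Jan 10 10:00:04 vm1 sshd[103]: Failed password for invalid user bob from 192.0.2.10 port 5003 ssh2",
    "Jan 10 10:00:05 vm1 sshd[104]: Failed password for root from 203.0.113.7 port 5004 ssh2",
]

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def produce(lines):
    """Producer: yields raw log lines (stand-in for a 'tail -F' producer on a real file)."""
    yield from lines


def filter_failed_ssh(lines):
    """Filter: keep only failed-login lines and extract the source IP."""
    for line in lines:
        match = FAILED_RE.search(line)
        if match:
            yield match.group(2)


def condition_threshold(ips, threshold):
    """Conditioner: emit an IP exactly once, when it reaches `threshold` failures."""
    counts = defaultdict(int)
    for ip in ips:
        counts[ip] += 1
        if counts[ip] == threshold:
            yield ip


def consume_collect(ips):
    """Consumer: collect flagged IPs (a real consumer would alert or feed a firewall set)."""
    return list(ips)


def run_watcher(lines, threshold=3):
    """One watcher = the four stages chained together, as the daemon would run per thread."""
    return consume_collect(condition_threshold(filter_failed_ssh(produce(lines)), threshold))


if __name__ == "__main__":
    print(run_watcher(SAMPLE_LOG))  # prints ['192.0.2.10']
```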