a simple and modular way to watch logs and take appropriate actions
Author: Cédric Dufour <http://cedric.dufour.name>
The objective of the Log Watcher Daemon (logwatcherd) is to provide a simple, light-weight and modular way to watch logs for specific events and take appropriate actions.
It consists of a Python daemon that spawns multiple "watcher" threads, defined in a single configuration file.
Each watcher consists of:
Producers, filters, conditioners and consumers are all plugins. A set of basic plugins is provided as part of the Log Watcher Daemon codebase:
tail -F ...)
Plugins are very easy and straight-forward to write and integrate with the Log Watcher Daemon, thus allowing users to address even the most exotic use cases.
With ad-hoc watchers, the Log Watcher Daemon can be made a simple Intrusion Detection System. Coupled with dynamic firewall configuration (e.g. along with the iptables 'recent' module), it can become a simple Intrusion Prevention System. Have a look at the examples directory for a short how-to.
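To make the producer / filter / conditioner / consumer pipeline concrete, here is an added, self-contained Python sketch of one watcher thread applied to the IDS use case above (repeated SSH password failures from one source). It is illustrative code written for this page, not logwatcherd's own plugins or API: the class names, the plugin call signatures and the sample syslog lines are all assumptions constructed here.

```python
import re
import threading
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (not taken from any real host).
SAMPLE_LOG = [
    "Mar 10 10:00:01 vm1 sshd[1234]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "Mar 10 10:00:03 vm1 sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2",
    "Mar 10 10:00:04 vm1 sshd[1236]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2",
    "Mar 10 10:00:06 vm1 sshd[1237]: Failed password for root from 203.0.113.5 port 4003 ssh2",
    "Mar 10 10:00:40 vm1 sshd[1238]: Failed password for root from 198.51.100.9 port 6000 ssh2",
    "Mar 10 10:02:10 vm1 sshd[1239]: Failed password for root from 198.51.100.9 port 6001 ssh2",
]

# Hypothetical filter pattern: named groups become the event's fields.
SSHD_FAILED_RE = r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"


def syslog_timestamp(line):
    """Parse the leading 'Mon DD HH:MM:SS' of a syslog line (the year is irrelevant for deltas)."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S")


def list_producer(lines):
    """Producer (hypothetical): yields raw log lines. A real one would tail a file."""
    for line in lines:
        yield line


class RegexFilter:
    """Filter (hypothetical): keeps only matching lines, returning the named groups as the event."""
    def __init__(self, pattern):
        self._re = re.compile(pattern)

    def __call__(self, line):
        m = self._re.search(line)
        return m.groupdict() if m else None


class RateConditioner:
    """Conditioner (hypothetical): fires once `key` has been seen `threshold` times within `window`."""
    def __init__(self, key, threshold, window):
        self.key, self.threshold, self.window = key, threshold, window
        self._seen = defaultdict(deque)  # key -> timestamps of recent events

    def __call__(self, ts, event):
        k = event[self.key]
        dq = self._seen[k]
        dq.append(ts)
        # Drop events that fell out of the sliding window before counting.
        while dq and ts - dq[0] > self.window:
            dq.popleft()
        if len(dq) >= self.threshold:
            dq.clear()  # fire once per burst, then start counting afresh
            return {"src": k, "count": self.threshold, "at": ts}
        return None


class ListConsumer:
    """Consumer (hypothetical): records actions; a deployed one could feed an iptables 'recent' list."""
    def __init__(self):
        self.actions = []

    def __call__(self, action):
        self.actions.append(action)


class Watcher:
    """One watcher: a producer feeding a filter, a conditioner and a consumer, run on its own thread."""
    def __init__(self, name, producer, filter_, conditioner, consumer):
        self.name, self.producer = name, producer
        self.filter, self.conditioner, self.consumer = filter_, conditioner, consumer

    def run(self):
        for line in self.producer:
            event = self.filter(line)
            if event is None:
                continue
            action = self.conditioner(syslog_timestamp(line), event)
            if action is not None:
                self.consumer(action)

    def start(self):
        t = threading.Thread(target=self.run, name=self.name, daemon=True)
        t.start()
        return t


def run_sample(threshold=3, window_seconds=60):
    """Run the sshd watcher over SAMPLE_LOG and return the actions the consumer received."""
    consumer = ListConsumer()
    watcher = Watcher(
        name="sshd-bruteforce",
        producer=list_producer(SAMPLE_LOG),
        filter_=RegexFilter(SSHD_FAILED_RE),
        conditioner=RateConditioner("src", threshold, timedelta(seconds=window_seconds)),
        consumer=consumer,
    )
    watcher.start().join()
    return consumer.actions


if __name__ == "__main__":
    for action in run_sample():
        print(action)
```

With the defaults (3 failures within 60 s) only 203.0.113.5 triggers an action; 198.51.100.9 fails twice but 90 s apart, so the sliding window prunes the first attempt and no action fires. The per-key window and the reset after firing are the two details worth getting right in a conditioner, since a naive counter either never forgets old failures or fires on every line once the threshold is passed.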
On the other hand, the Log Watcher Daemon is not about performance: it is not meant to monitor a 10 Gb/s network link on a core routing host. Its goal is to be lightweight and simple, and its purpose is to be deployed on each host that provides some service (e.g. a virtual machine providing SSH remote access).