Log Watcher Daemon (logwatcherd)

a simple and modular way to watch logs and take appropriate actions

Author: Cédric Dufour <http://cedric.dufour.name>

Website: http://cedric.dufour.name/software/logwatcherd


The objective of the Log Watcher Daemon (logwatcherd) is to provide a simple, light-weight and modular way to watch logs for specific events and take appropriate actions.

It consists of a Python daemon that spawns multiple "watcher" threads, defined in a single configuration file.

Each watcher consists of:

Producers, filters, conditioners and consumers are all plugins. A set of basic plugins are provided as part of the Log Watcher Daemon codebase:

Producer plugins:

Filter plugins:

Conditioner plugins:

Consumer plugins:

Plugins are very easy and straight-forward to write and integrate with the Log Watcher Daemon, thus allowing users to address even the most exotic use cases.

With ad-hoc watchers, the Log Watcher Dameon can be made a simple Intrusion Detection System. Coupled with dynamic firewall configuration (e.g. along iptables 'recent' module), it can become a simple Intrusion Prevention System. Have a look a the examples directory for a short how-to.

On the other hand, the Log Watcher Daemon is not about performances and allowing to monitor a 10gb/s network link on a core routing host. Its goal is being lightweight and simple, and its purpose is being distributed on each host that provides some service (e.g. a virtual machine providing SSH remote access).

MORE : Download / Source Code