High performance, attack detection from web server logs.

hrvolapeter/security-log

Security log 🔒🔒🔒

Security log is a high-performance access log analyzer for OWASP Top 10 attacks (well, only the part that can be detected from access logs 😉). This project was created as part of my bachelor thesis.

Download precompiled binary for Ubuntu

Features

  • analyse web access logs
  • nginx / apache format
  • reading from file or elasticsearch
  • reporting using email ✉️
  • running as a daemon 👻

Options ⌨️

Configurable using config stored in /etc/security-log/config.yaml

Input types: 🕸

  • 🕵️ elasticsearch
  • 📂 file path

Output types / Incident reporting #️⃣

  • ➥ std
  • ✉️ email

Server type

  • nginx
  • apache

Apache, elasticsearch with output to std

```yaml
tag: Config
serverType: Apache
input:
  tag: Elastic
  size: 10
  ip: http://localhost:9200
output:
  tag: Std
asDaemon: false
```

Nginx, file, with output to email, running as a daemon

```yaml
tag: Config
serverType: Nginx
input:
  tag: File
  content: /logs/apache/acces_log
output:
  tag: Email
  content: [email protected]
asDaemon: true
```

Building From Source

Install Haskell Stack with

```bash
curl -sSL https://get.haskellstack.org/ | sh
```

Compile using

```bash
stack build
```