LMF: Log Monitoring Framework
By Max Schubert a.k.a. "perldork"
Features
- Flexible pattern matching system: rules use Perl regular expressions,
  and capturing parentheses let the user identify unique log activity
  patterns (the captured values distinguish one occurrence, such as a
  particular source host, from another).
- Custom trigger and release scripts can be associated with
  rules; the trigger is called when a rule's threshold is met,
  the release is called after the rule's duration has expired.
- Triggers, messages, and releases can all contain information
taken from the live match.
- Flexible configuration system: all files in the configuration
  directory that end in .conf are read by LMF at startup
  (like placing configuration files in /etc/httpd/conf.d/ with
  Apache on Linux).
- The included fw (iptables drop/allow) script contains APF
  (Advanced Policy Firewall) integration code that lets LMF whitelist
  any IP addresses / CIDR subnets listed in APF's allow_hosts.rules
  config file. It also supports a local whitelist for hosts you want
  to allow through LMF without also excluding them from APF.
- Rule configurations can be read from a central server via
HTTP/HTTPS with or without Apache authentication.
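The following is an added illustration of the rule model described above and is not LMF's own code: a single rule with a Perl regex whose named capturing parentheses pick out the source IP and user, a threshold and a duration, a trigger and a release that both receive the live captures, and a stand-in for the fw script that honours a whitelist. The rule hash keys, the %name% message placeholders, the whitelist list and CIDR matcher, and the sample log lines (with embedded epoch timestamps so the run is deterministic) are all this example's own assumptions, not LMF's configuration syntax.

```perl
#!/usr/bin/perl
# Added example, not LMF's own code: a minimal rule engine in the style the
# feature list describes. A regex with capturing parentheses identifies a
# unique activity pattern; the trigger runs when the threshold is met inside
# the duration, the release runs once the duration has expired.
use strict;
use warnings;
use 5.010;    # named captures via %+
# Hypothetical whitelist standing in for APF's allow_hosts.rules plus a local
# list (constructed values; the CIDR matcher is this example's own).
my @whitelist = ('192.0.2.0/24', '198.51.100.9');

sub ip2int { return unpack 'N', pack 'C4', split /\./, shift }

sub whitelisted {
    my ($ip) = @_;
    for my $entry (@whitelist) {
        my ($net, $bits) = split m{/}, $entry;
        $bits //= 32;
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if (ip2int($ip) & $mask) == (ip2int($net) & $mask);
    }
    return 0;
}

# Stand-in for a trigger/release script like LMF's fw script: prints the
# iptables command instead of running it, and honours the whitelist.
sub fw {
    my ($action, $msg, $cap) = @_;
    say "  $msg";
    if (whitelisted($cap->{ip})) { say "  fw: $cap->{ip} is whitelisted, leaving iptables alone"; return }
    say '  fw: iptables ', ($action eq 'drop' ? '-I' : '-D'), " INPUT -s $cap->{ip} -j DROP";
}

# Expand %name% placeholders from the live match (templating syntax is this
# example's own, not LMF's).
sub render {
    my ($tmpl, $cap) = @_;
    (my $out = $tmpl) =~ s/%(\w+)%/exists $cap->{$1} ? $cap->{$1} : "%$1%"/ge;
    return $out;
}

# Rule: three failed SSH logins from one IP within 60s block it for 60s.
my $rule = {
    regex       => qr/sshd\[\d+\]: Failed password for (?:invalid user )?(?<user>\S+) from (?<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+/,
    key         => ['ip'],    # captures that make a pattern unique: one counter per IP
    threshold   => 3,
    duration    => 60,
    trigger_msg => 'TRIGGER %ip%: threshold reached, last user "%user%"',
    release_msg => 'RELEASE %ip%: duration expired',
    trigger     => sub { fw('drop',  @_) },
    release     => sub { fw('allow', @_) },
};
my %state = (hits => {}, active => {});   # hit timestamps per key; active triggers with expiry

sub release_expired {
    my ($now) = @_;
    for my $key (sort keys %{ $state{active} }) {
        my $a = $state{active}{$key};
        next if $now < $a->{expires};
        delete $state{active}{$key};
        $rule->{release}->(render($rule->{release_msg}, $a->{cap}), $a->{cap});
    }
}

sub process_line {
    my ($now, $line) = @_;
    release_expired($now);                      # releases are driven by time, not by matches
    return unless $line =~ $rule->{regex};
    my %cap = %+;
    my $key = join '|', @cap{ @{ $rule->{key} } };
    return if $state{active}{$key};              # already triggered; wait for the release
    my $hits = $state{hits}{$key} ||= [];
    push @$hits, $now;
    @$hits = grep { $_ > $now - $rule->{duration} } @$hits;   # sliding window
    if (@$hits >= $rule->{threshold}) {
        $state{active}{$key} = { expires => $now + $rule->{duration}, cap => {%cap} };
        delete $state{hits}{$key};
        $rule->{trigger}->(render($rule->{trigger_msg}, \%cap), \%cap);
    }
}

# Constructed sample log as [epoch, line]; LMF would tail the file and use time().
my @log = (
    [1700000000, 'sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2'],
    [1700000005, 'sshd[2102]: Failed password for root from 203.0.113.5 port 50123 ssh2'],
    [1700000007, 'sshd[2103]: Failed password for invalid user test from 198.51.100.9 port 41000 ssh2'],
    [1700000010, 'sshd[2104]: Failed password for invalid user oracle from 203.0.113.5 port 50124 ssh2'],
    [1700000012, 'sshd[2105]: Failed password for root from 198.51.100.9 port 41001 ssh2'],
    [1700000014, 'sshd[2106]: Failed password for postgres from 198.51.100.9 port 41002 ssh2'],
    [1700000075, 'sshd[2107]: Failed password for root from 203.0.113.5 port 50125 ssh2'],
);
for my $entry (@log) {
    say 't+', $entry->[0] - $log[0][0], " $entry->[1]";
    process_line(@$entry);
}
release_expired($log[-1][0] + $rule->{duration});   # final tick so the last trigger releases
```

Running it, 203.0.113.5 reaches the threshold on its third failure at t+10 and the trigger prints the iptables drop; 198.51.100.9 also reaches the threshold at t+14 but is on the whitelist, so the fw stand-in leaves iptables alone; at t+75 both durations have expired and the releases run before the new line is counted, so the fresh failure from 203.0.113.5 starts a new count of one. Note that the window check happens before the threshold comparison, so a slow trickle of failures spread over more than the duration never triggers, which is the behaviour a practitioner usually wants from a threshold-plus-duration rule.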