Releases: dogoncouch/LogESP
LogESP-0.2-beta
Documentation
See README.md for documentation.
Installing
See the install documentation for recommendations on installing.
ldsi-0.1-alpha
Documentation
See README.md
Installing
Requirements: python 3.x, django >=2.0, pip.
Note: This installation is intended for development and for trying out the software. Using the built-in Python Django web server is not recommended in real security operations environments.
Step 1
- Download the release:
wget https://github.com/dogoncouch/ldsi/archive/v0.1-alpha.tar.gz
tar -xzf v0.1-alpha.tar.gz
- sha256sum:
ee9b47a733022979c9d2683676e85b63f2d0b55f7a00ea76ea711a7f072d7063 v0.1-alpha.tar.gz
Step 2
- Create a virtual environment and install django:
virtualenv -p python3 ldsi_env
source ldsi_env/bin/activate
pip install django
Step 3
- Create/migrate the database, and add fixtures:
cd ldsi-0.1-alpha
make new-db
Step 4
- Start the server:
python manage.py runserver
Step 5
- Try it: http://localhost:8000
Step 6
- Set up syslog service, clients
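Step 1 publishes a SHA-256 digest for the tarball but extracts it without checking. The following is an added example, not part of the ldsi/LogESP project: a POSIX shell helper that compares the download against the published digest and unpacks only on a match. The function names `sha256_of`, `verify_sha256` and `verify_and_extract` are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): verify a release tarball against its
# published SHA-256 before unpacking. Function names are hypothetical.

# Print the lowercase hex SHA-256 of a file, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
# expected value is not a 64-character hex digest.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# verify_and_extract TARBALL EXPECTED_HEX: unpack only if the digest matches.
verify_and_extract() {
    verify_sha256 "$1" "$2" || return $?
    tar -xzf "$1"
}

# Usage with the values published in Step 1 (run after the wget):
#   verify_and_extract v0.1-alpha.tar.gz \
#     ee9b47a733022979c9d2683676e85b63f2d0b55f7a00ea76ea711a7f072d7063
```

A digest published on the same page as the download detects a corrupted or truncated transfer; it does not protect against a compromise of the hosting account itself.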
Notes
Parser Engine
To start the parser engine:
- Edit the config file at config/parser.conf.
- Run the parser inside a django shell:
python manage.py shell -c "import daemons.parser.parsecore ; daemons.parser.parsecore.start()"
The parser needs to be restarted on changes to the config file.
Sentry Engine
To start the rule engine:
- Run the sentry engine inside a django shell:
python manage.py shell -c "import daemons.sentry.sentrycore ; daemons.sentry.sentrycore.start()"
Cleaner
Each event has two end-of-life (EOL) dates: one for its local copy and one for its backup copy. The cleaner can use either to delete old events. There are two options:
- Run the cleaner inside a django shell using the backup EOL date:
python manage.py shell -c "import daemons.cleaner.clean ; daemons.cleaner.clean.clean()"
- Run the cleaner inside a django shell using the local EOL date:
python manage.py shell -c "import daemons.cleaner.clean ; daemons.cleaner.clean.clean(local=True)"
Cleaning should be handled by a cron job.