1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
Source: logdata-anomaly-miner
Section: admin
Priority: optional
Maintainer: Markus Wurzenberger <markus.wurzenberger@ait.ac.at>
Uploaders: Sebastian Ramacher <sramacher@debian.org>
Build-Depends:
debhelper-compat (= 13),
dh-python,
dh-sequence-python3,
dh-sequence-movetousr,
docbook-xsl,
docbook-xml,
python3,
xsltproc
Standards-Version: 4.7.2
Homepage: https://aecid.ait.ac.at/
Vcs-Git: https://salsa.debian.org/sramacher/logdata-anomaly-miner.git
Vcs-Browser: https://salsa.debian.org/sramacher/logdata-anomaly-miner
Rules-Requires-Root: no
Package: logdata-anomaly-miner
Architecture: all
Depends:
${misc:Depends},
${python3:Depends},
python3-cerberus,
python3-pytz
Suggests:
python3-scipy
Description: tool for log analysis pipelines
This tool allows one to analyze log data streams and detect violations or
anomalies in it. It can be run from console, as daemon with e-mail alerting,
or embedded as library into own programs. It was designed to run the analysis
with limited resources and lowest possible permissions to make it suitable for
production server use. Analysis methods include:
.
* log line parsing and filtering with extended syntax and options
* detection of new data elements (IPs, user names, MAC addresses)
* statistical anomalies in log line values and frequencies
* correlation rules between log lines
.
The tool is suitable to operate as a sensor feeding a SIEM and distributing
messages via message queues.
|
