ARTLAS: Apache Real Time Logs Analyzer System

Real-time Apache log analyzer based on the OWASP Top 10 vulnerabilities. It identifies exploitation attempts against your web application and notifies you or your incident team via Telegram, Zabbix, and Syslog/SIEM.

ARTLAS uses the regular expressions from the PHP-IDS project to identify exploitation attempts. Download link to the latest version of the filter file: Download File

Supported Output

Zabbix Version 2.4 and 3.0
Syslog
SIEM
Telegram

Supported web servers

Apache
Apache vHost
Nginx
Nginx vHost

Installation

Clone project
git clone https://github.com/mthbernardes/ARTLAS.git

Install dependencies (Python version 2.7.11, latest)
pip install -r dependencies.txt

Install screen
sudo apt-get install screen   # Debian-like
sbopkg -i screen              # Slackware 14.*
yum install screen            # CentOS/RHEL
dnf install screen            # Fedora

Configuration

All configuration is done in the etc/artlas.conf file.

TELEGRAM INTEGRATION
[Telegram]
api = Your Telegram API token
group_id = Group/User ID that will receive the notifications
enable = True to send notifications, False to not send


ZABBIX CONFIGURATION
[Zabbix]
server_name = Hostname of the server as registered in Zabbix
agentd_config = Path to the Zabbix agent configuration file
enable_advantage_keys = True or False to use advanced triggers
notifications = True to enable or False to disable trigger notifications
enable = True to enable or False to disable the Zabbix output


SYSLOG/SIEM CONFIGURATION
[CEF_Syslog]
server_name = IP or hostname of the Syslog/SIEM server
enable = True to enable or False to disable the Syslog/SIEM output


GENERAL CONFIGURATION
[General]
apache_log = Full path to the Apache access.log
apache_mask = Mask that identifies the fields in the Apache access log
vhost_enable = True to enable or False to disable vhosts
rules = etc/default_filter.json  The file that contains the OWASP filters [Do not change]
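
Added example, not part of ARTLAS itself: a minimal Python 3 sketch of the pipeline the configuration above describes, with a hard-coded Apache combined log layout standing in for apache_mask, three constructed rules in the shape of PHP-IDS filters standing in for default_filter.json, and CEF-formatted events of the kind the [CEF_Syslog] sink would forward. The sample log lines are constructed, and the rules are deliberately simplified compared to the real PHP-IDS set.

```python
import re
from urllib.parse import unquote
# Apache "combined" access-log layout; assumed stand-in for the apache_mask setting.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+')
# Constructed rules in the shape of PHP-IDS filters (simplified; not the real default_filter.json).
RULES = [
    {"id": 1, "rule": r"(?i)<script|javascript:|onerror\s*=", "description": "Cross-site scripting attempt", "severity": 7},
    {"id": 2, "rule": r"(?i)(union\s+select|or\s+1\s*=\s*1|'\s*--)", "description": "SQL injection attempt", "severity": 8},
    {"id": 3, "rule": r"(\.\./){2,}|/etc/passwd", "description": "Path traversal attempt", "severity": 6},
]
COMPILED = [(rule, re.compile(rule["rule"])) for rule in RULES]
# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2016:13:55:36 -0300] "GET /index.php?id=1%27%20UNION%20SELECT%201,2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2016:13:55:37 -0300] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 128',
    '198.51.100.7 - - [10/Oct/2016:13:56:01 -0300] "GET /images/logo.png HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Oct/2016:13:56:02 -0300] "GET /download?file=../../../../etc/passwd HTTP/1.1" 404 0',
]

def parse_line(line):
    """Split one access-log line into named fields; None if it does not fit the mask."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def match_rules(uri):
    """Rules whose regex hits the URI, decoded twice so double-encoded payloads are still seen."""
    decoded = unquote(unquote(uri))
    return [rule for rule, rx in COMPILED if rx.search(decoded)]

def cef_escape(value):
    """Backslash and '=' must be escaped inside CEF extension values."""
    return value.replace("\\", "\\\\").replace("=", "\\=")

def to_cef(entry, rule):
    """CEF header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension."""
    ext = "src=%s requestMethod=%s request=%s" % (entry["ip"], entry["method"], cef_escape(entry["uri"]))
    return "CEF:0|ARTLAS|ARTLAS|1.0|%d|%s|%d|%s" % (rule["id"], rule["description"], rule["severity"], ext)

def analyze(lines):
    """One CEF event per (log line, matching rule) pair, ready for a syslog/SIEM sink."""
    events = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # lines that do not fit the mask are skipped, not alerted on
        for rule in match_rules(entry["uri"]):
            events.append(to_cef(entry, rule))
    return events
```

Running analyze(SAMPLE_LOG) yields three events (signature IDs 2, 1 and 3); the static image request produces none.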


How to start

screen -S artlas
python artlas.py
Ctrl+A then D   # detach from the screen session and leave ARTLAS running


Copyright (c) 2016 Matheus Bernardes

Source: https://github.com/mthbernardes/