Registered 2016-02-16 by Roman Fiedler

logdata-anomaly-miner allows to create log analysis pipelines to analyze log data streams and detect violations or anomalies in it. It can be run from console, as daemon with e-mail alerting or embedded as library into own programs. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitable for production server use.

Analysis methods include:

* static check patterns similar to logcheck but with extended syntax and options.
* detection of new data elements (IPs, user names, MAC addresses)
* statistical anomalies in log line values and frequencies
* correlation rules between log lines as described in th AECID approach http://dx.doi.org/10.1016/j.cose.2014.09.006

The tool is suitable to replace logcheck but also to operate as a sensor feeding a SIEM.

Documentation:
* https://git.launchpad.net/logdata-anomaly-miner/plain/source/root/usr/share/doc/aminer/Readme.txt (intro)
* https://git.launchpad.net/logdata-anomaly-miner/plain/source/root/usr/share/doc/aminer/Analysis.txt (analysis component docu)

Binary packages:
* https://launchpad.net/~mwurzenberger/+archive/ubuntu/ppa (bionic all)
* https://packages.debian.org/sid/logdata-anomaly-miner (sid all)
* https://launchpad.net/logdata-anomaly-miner/+download (CentOS - alien build!)

Project information

Licence:
GNU GPL v3

RDF metadata

View full history Series and milestones

trunk series is the current focus of development.

All code Code

Version control system:
Git
Programming languages:
python3

All packages Packages in Distributions

Downloads

Latest version is v1.0.0
released on 2018-10-02

All downloads

Announcements