Repository: Ellis. Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

Ellis

Ellis monitors systemd-journald logs for specific entries and triggers actions based on them.

Ellis can obviously be used as an Intrusion Prevention System (IPS) but can also be used in a more general way to run a Python script whenever a pattern appears in the logs.

About

I started Ellis as a pet project with two ideas in mind:

  • I wanted to build something based on Python's asyncio framework because it looked very interesting and powerful; I needed to learn more about it!
  • I also wanted to be warned whenever someone successfully logged on to my PC through SSH.

And then I realized that the combination of these two ideas would make a perfect candidate! It then evolved into something more generic that looks a lot like the well-known fail2ban.

Ellis specifically focuses on systemd-journald. It's written in Python and uses the asyncio framework for better performance (well, I hope so).

Features

  • Monitors systemd-journald logs for given patterns;
  • Executes given commands when a pattern has been detected more than N times;
  • Uses ipset or nftables to block traffic from malicious hosts;
  • Can send e-mails to warn you about something;
  • Handles multiple services (or systemd units);
  • Single, simple config file.
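The feature list above describes the core loop: read journal entries, match them against per-unit patterns, count hits per source host, and run an action once a host passes the threshold. The block below is an added illustration of that loop written for this README; it is not Ellis's own code and does not use Ellis's configuration format. It reads entries from an asyncio queue instead of the real journal so it runs offline, and the journal entries, the `sshd` regex, the threshold/window values and the nftables set name `inet filter blocklist` are all constructed assumptions. Like Ellis, it keeps the per-host counter inside a time window so stale failures do not accumulate forever, and it fires each action at most once per host.

```python
"""Added example (not part of Ellis): a minimal asyncio, journald-style
pattern monitor. Entries shaped like python-systemd journal records
(SYSLOG_IDENTIFIER, MESSAGE, __REALTIME_TIMESTAMP in microseconds) are
consumed from a queue, matched per unit, counted per host inside a time
window, and an action fires once a host reaches the threshold."""

import asyncio
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Optional, Tuple


@dataclass
class Rule:
    unit: str                        # SYSLOG_IDENTIFIER of the unit to watch
    pattern: "re.Pattern[str]"       # must expose a named group "host"
    threshold: int                   # fire after this many hits from one host
    window: float                    # seconds; older hits are forgotten
    action: Callable[[str, int], None]


@dataclass
class Monitor:
    rules: List[Rule]
    # hits[(rule_index, host)] -> timestamps (seconds) of recent matches
    hits: Dict[Tuple[int, str], Deque[float]] = field(
        default_factory=lambda: defaultdict(deque))
    fired: set = field(default_factory=set)   # (rule_index, host) already acted on

    def feed(self, entry: dict) -> Optional[str]:
        """Match one journal entry against every rule.
        Returns the host whose action was triggered by this entry, else None."""
        unit = entry.get("SYSLOG_IDENTIFIER", "")
        msg = entry.get("MESSAGE", "")
        ts = float(entry.get("__REALTIME_TIMESTAMP", 0)) / 1e6
        triggered = None
        for idx, rule in enumerate(self.rules):
            if unit != rule.unit:
                continue
            match = rule.pattern.search(msg)
            if not match:
                continue
            key = (idx, match.group("host"))
            recent = self.hits[key]
            recent.append(ts)
            while recent and ts - recent[0] > rule.window:   # drop stale hits
                recent.popleft()
            if len(recent) >= rule.threshold and key not in self.fired:
                self.fired.add(key)
                rule.action(key[1], len(recent))
                triggered = key[1]
        return triggered

    async def run(self, queue: "asyncio.Queue") -> None:
        """Consume entries until a None sentinel arrives."""
        while True:
            entry = await queue.get()
            if entry is None:
                break
            self.feed(entry)


def nft_block_command(host: str) -> List[str]:
    """argv that would add host to an nftables set; the set name is an assumption."""
    return ["nft", "add", "element", "inet", "filter", "blocklist", "{", host, "}"]


def _entry(unit: str, message: str, seconds: int) -> dict:
    return {"SYSLOG_IDENTIFIER": unit, "MESSAGE": message,
            "__REALTIME_TIMESTAMP": seconds * 1_000_000}


# Constructed sample journal entries (not real journald output). Host A fails
# three times within the window; host B's failures are spread over >600 s;
# the cron line shows that the unit filter keeps unrelated messages out.
SAMPLE_ENTRIES = [
    _entry("sshd", "Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2", 0),
    _entry("sshd", "Failed password for root from 203.0.113.9 port 40001 ssh2", 0),
    _entry("cron", "Failed password for root from 10.0.0.5 port 1 (constructed noise)", 10),
    _entry("sshd", "Failed password for invalid user admin from 198.51.100.7 port 51235 ssh2", 30),
    _entry("sshd", "Accepted publickey for alice from 192.0.2.10 port 50022 ssh2", 45),
    _entry("sshd", "Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2", 60),
    _entry("sshd", "Failed password for root from 203.0.113.9 port 40002 ssh2", 700),
    _entry("sshd", "Failed password for root from 203.0.113.9 port 40003 ssh2", 720),
]


def run_sample() -> List[str]:
    """Run the monitor over SAMPLE_ENTRIES; return the hosts whose action fired."""
    blocked: List[str] = []
    rule = Rule(
        unit="sshd",
        pattern=re.compile(r"Failed password for .* from (?P<host>\S+) port \d+"),
        threshold=3, window=600.0,
        action=lambda host, n: blocked.append(host))
    monitor = Monitor([rule])

    async def main() -> None:
        queue: "asyncio.Queue" = asyncio.Queue()
        for entry in SAMPLE_ENTRIES:
            queue.put_nowait(entry)
        queue.put_nowait(None)
        await monitor.run(queue)

    asyncio.run(main())
    return blocked


if __name__ == "__main__":
    for host in run_sample():
        print("would run:", " ".join(nft_block_command(host)))
```

In a real deployment the queue would be filled by a journal reader (for example python-systemd's `journal.Reader`) instead of a fixed list, and the action would execute the block command and send the notification e-mail; the sample only returns the argv so nothing is changed on the host running it.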

Installing and configuring

Please read the Wiki.

Contributing / Helping

Code reviews, patches, comments, bug reports and feature requests are welcome. Please read the Contributing guide for further details.