Analyzes log files in real time looking for strange user behavior.
- Regex matching of Apache error codes (403, 404, 500, etc.), as well as error_log messages (warn, error, alert, etc.).
- Request correlation (e.g. a large number of 'good' requests in a short amount of time).
- SQL/HTML injection attempts
- Add support for other log file types
  - SSH files
  - Dovecot
  - IPTables
- Add support for clusters of servers
- Abstract away log parsing from researcher into its own class
- GUI with Graphs
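
The three checks listed above (error-code matching, request correlation, injection patterns), applied to Apache access-log lines. This is an added example, not the project's own code; the thresholds, the small signature regex, the function name `analyze` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote_plus

# Apache common/combined log format: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')
ERROR_CODES = {"403", "404", "500"}
# Deliberately small signature set (assumption); production rule sets are far larger.
INJECTION_RE = re.compile(r"(union\s+select|'\s*or\s+'?\d|<script\b|onerror\s*=)", re.I)
BURST_LIMIT, BURST_WINDOW = 5, 2.0  # assumed: more than 5 'good' requests within 2 s per client

# Constructed sample lines (not from a real server).
SAMPLE = [f'203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /p{i} HTTP/1.1" 200 512'
          for i in range(6)] + [
    '198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199',
    '198.51.100.9 - - [10/Oct/2023:13:55:41 +0000] "GET /item?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200 734',
    '192.0.2.10 - - [10/Oct/2023:13:55:42 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def analyze(lines):
    """Return (ip, reason) findings for an iterable of access-log lines."""
    findings, recent_ok = [], defaultdict(deque)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of aborting the stream
        ip, status = m["ip"], m["status"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if status in ERROR_CODES:
            findings.append((ip, f"error_code:{status}"))
        # Decode percent-encoding first so encoded payloads still match.
        if INJECTION_RE.search(unquote_plus(m["path"])):
            findings.append((ip, "injection_pattern"))
        if status.startswith("2"):
            window = recent_ok[ip]  # sliding window of this client's 2xx timestamps
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:
                window.popleft()
            if len(window) > BURST_LIMIT:
                findings.append((ip, "request_burst"))
                window.clear()  # report once per burst
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE): print(finding)
```

Because `analyze` accepts any iterable, it can be fed a generator that follows a growing log file as well as a list of lines.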