For those who just want to get started:
Run 'pip install -r requirements.txt' to install the needed packages.
Then run 'event_generate.sh' to generate some data to look at!
Have you ever needed to really dig through some log files, but found yourself frustrated with AWK, grep, and/or other tools? Well, here is your solution! Logec is a localized SIEM, meant to help you get to the bottom of any trouble you have quickly. No forwarders, agents, or server instances: just download and go!
Some important definitions:
Module: A grouping of two programs (a sorter and a shell) that handle a single log file (confusing, I know).
Shell: The shell is the frontend for the sorter. Its main jobs are to interact with the sorter via commands and to display the results.
Sorter: The sorter is where all the heavy lifting happens. It searches and sorts its respective log file for values via regex, adds the extracted data to a dataframe, and returns it to the shell for display.
Here is a handy chart showing a map of this, with explanations as well:
The Main Shell (logec.py): This is where you can access the different modules and tools.
Searching!: Searching works in all modules, and took some time to get right.
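To make the sorter/shell split and the search behaviour concrete, here is an added illustration that is not code from the Logec project: a minimal "module" for an sshd-style auth log. The sorter half extracts fields from each line with a named-group regex (a plain list of dicts stands in for the dataframe Logec uses), and the shell half searches, counts and sorts those rows. The log lines, the regex, and every function name are constructed for this example.

```python
import re
from typing import Dict, List

# Constructed sample log lines (not from the project), in a syslog-like auth-log format.
SAMPLE_LOG = """\
Mar 10 08:14:02 host1 sshd[1012]: Failed password for invalid user admin from 203.0.113.7 port 50214 ssh2
Mar 10 08:14:05 host1 sshd[1012]: Failed password for root from 203.0.113.7 port 50216 ssh2
Mar 10 08:15:41 host1 sshd[1020]: Accepted publickey for alice from 198.51.100.4 port 41022 ssh2
Mar 10 08:16:09 host1 sshd[1031]: Failed password for root from 203.0.113.7 port 50230 ssh2
Mar 10 08:17:30 host1 sshd[1044]: Accepted password for bob from 198.51.100.9 port 41100 ssh2
"""

# Named groups: one per field the "sorter" pulls out of a line (hypothetical pattern).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<result>Accepted|Failed) "
    r"(?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

Row = Dict[str, str]


def sort_log(text: str) -> List[Row]:
    """Sorter half: regex-extract fields from every line and return them as rows."""
    rows: List[Row] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m is None:
            continue  # non-matching lines are skipped rather than guessed at
        row = m.groupdict()
        row["line"] = str(lineno)  # keep the source line number for the shell
        rows.append(row)
    return rows


def search(rows: List[Row], **criteria: str) -> List[Row]:
    """Shell-side search: keep rows where every given field matches its regex."""
    compiled = {field: re.compile(pattern) for field, pattern in criteria.items()}
    return [r for r in rows if all(p.search(r.get(f, "")) for f, p in compiled.items())]


def sort_rows(rows: List[Row], field: str) -> List[Row]:
    """Order rows by one extracted field (stable, so ties keep log order)."""
    return sorted(rows, key=lambda r: r[field])


def count_by(rows: List[Row], field: str) -> Dict[str, int]:
    """Tally rows by a field, most frequent first, then by value."""
    counts: Dict[str, int] = {}
    for r in rows:
        counts[r[field]] = counts.get(r[field], 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


def display(rows: List[Row], fields=("line", "ts", "result", "user", "src")) -> str:
    """Shell display: render selected fields as a fixed-width table."""
    widths = {f: max(len(f), *(len(r[f]) for r in rows)) if rows else len(f) for f in fields}
    header = "  ".join(f.ljust(widths[f]) for f in fields)
    body = ["  ".join(r[f].ljust(widths[f]) for f in fields) for r in rows]
    return "\n".join([header] + body)


if __name__ == "__main__":
    parsed = sort_log(SAMPLE_LOG)
    failed = search(parsed, result="Failed")
    print(display(failed))
    print("failed logins per source:", count_by(failed, "src"))
```

Each field is a separate named group, so the shell can filter on any of them independently (for example `search(parsed, result="Failed", user="^root$")`), which is the same idea as Logec's per-module regex search and sort.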
Configuration:
There is a fair amount of configuration coming to Logec in future updates. For now, you can customize the locations of your logs in log_locations.yml.