
ITP: logdata-anomaly-miner -- lightweight tool for log checking, log analysis



X-Debbugs-Cc: debian-mentors@lists.debian.org
Package: wnpp
Owner: Roman Fiedler <roman.fiedler@ait.ac.at>
Severity: wishlist

Package name: logdata-anomaly-miner
Version: 0.0
Upstream Author: Roman Fiedler <roman.fiedler@ait.ac.at>
URL: FIXME
Sources URL: [It seems https://alioth.debian.org/projects/collab-maint/ is 
recommended; it would be nice to use it. Requirements?]
License: GPLv3
Programming Lang: Python
Description: logdata-anomaly-miner is a GUI-less server component
  to analyze log lines and detect anomalies via various methods.
Dependencies: python

Long description:
  logdata-anomaly-miner allows creating log analysis
  pipelines to analyze log data streams and detect violations
  or anomalies in them. It can be run from the console, as a daemon
  with e-mail alerting, or embedded as a library into your own
  programs. It was designed to run the analysis with limited
  resources and the lowest possible permissions to make it suitable
  for production server use. Analysis methods include:
  .
  * static check patterns similar to logcheck but with extended
    syntax and options.
  * detection of new data elements (IPs, user names, MAC addresses)
  * statistical anomalies in log line frequencies
  * correlation rules between log lines as described in the AECID
    approach http://dx.doi.org/10.1016/j.cose.2014.09.006
  .
  The tool is suitable to replace logcheck but also to operate
  as a sensor feeding a SIEM.
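As an added illustration of two of the analysis methods listed above, detection of new data elements and statistical anomalies in log line frequencies, the following self-contained Python script runs both checks over a constructed sshd-style log. It is example code written for this page, not code from logdata-anomaly-miner or from the ITP author; the line format, field names, learning thresholds, window size and all sample values are assumptions made for the example.

```python
import re
from math import sqrt

# Assumed line format for the constructed sample: "<epoch> sshd: Accepted password for <user> from <ip>"
LINE_RE = re.compile(r"^(?P<ts>\d+) sshd: Accepted password for (?P<user>\S+) from (?P<ip>\S+)$")
BASE = 1_600_000_020  # constructed start time, a multiple of 60 so minutes align with windows


def parse_line(line):
    """Return the fields of one line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


class NewElementDetector:
    """Learn the values of selected fields during the first `learn_lines` parsed lines;
    afterwards report every value not seen before (once), then treat it as known."""

    def __init__(self, fields, learn_lines):
        self.fields, self.learn_lines = fields, learn_lines
        self.seen = {f: set() for f in fields}
        self.count = 0

    def feed(self, rec):
        self.count += 1
        alerts = []
        for f in self.fields:
            if rec[f] not in self.seen[f]:
                if self.count > self.learn_lines:
                    alerts.append((f, rec[f]))
                self.seen[f].add(rec[f])
        return alerts


class FrequencyDetector:
    """Count lines per fixed-width time window. Once `learn_windows` windows have closed,
    a closing window whose count exceeds mean + k * stddev of the history is reported."""

    def __init__(self, window_secs, learn_windows, k=3.0):
        self.window, self.learn_windows, self.k = window_secs, learn_windows, k
        self.current, self.current_count, self.history = None, 0, []

    def _close_window(self):
        alert = None
        if len(self.history) >= self.learn_windows:
            mean = sum(self.history) / len(self.history)
            std = sqrt(sum((c - mean) ** 2 for c in self.history) / len(self.history))
            # floor the deviation at 1 so a perfectly regular history cannot alert on +1 line
            if self.current_count > mean + self.k * max(std, 1.0):
                alert = (self.current, self.current_count, mean)
        self.history.append(self.current_count)
        return alert

    def feed(self, ts):
        w = ts - ts % self.window
        alert = None
        if self.current is None:
            self.current = w
        elif w > self.current:
            alert = self._close_window()
            # windows that received no lines at all enter the history as zero counts
            self.history.extend([0] * ((w - self.current) // self.window - 1))
            self.current, self.current_count = w, 0
        # a timestamp older than the open window (out-of-order line) is counted in it
        self.current_count += 1
        return alert

    def flush(self):
        """Close the last open window at end of input."""
        return None if self.current is None else self._close_window()


def analyze(lines, learn_lines=40, window_secs=60, learn_windows=10):
    """Run both detectors over an iterable of log lines and return the findings."""
    new_det = NewElementDetector(["user", "ip"], learn_lines)
    freq_det = FrequencyDetector(window_secs, learn_windows)
    report = {"new_elements": [], "frequency": [], "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1  # an unparseable line is itself worth a look
            continue
        report["new_elements"].extend(new_det.feed(rec))
        alert = freq_det.feed(int(rec["ts"]))
        if alert:
            report["frequency"].append(alert)
    alert = freq_det.flush()
    if alert:
        report["frequency"].append(alert)
    return report


def build_sample_log():
    """Constructed sample: 20 quiet minutes, then a new user/host and a burst of logins."""
    users, ips, lines = ["alice", "bob"], ["10.0.0.5", "10.0.0.6"], []
    for minute in range(20):
        for i in range(2):
            lines.append(f"{BASE + minute * 60 + i * 20} sshd: Accepted password for {users[i]} from {ips[i]}")
    burst = BASE + 20 * 60
    lines.append(f"{burst} sshd: Accepted password for mallory from 192.0.2.10")
    lines += [f"{burst + 1 + i} sshd: Accepted password for bob from 10.0.0.6" for i in range(30)]
    lines.append("garbage line that does not match")
    return lines


if __name__ == "__main__":
    for key, value in analyze(build_sample_log()).items():
        print(key, value)
```

The learning phases stand in for the "limited resources, lowest permissions" design point: both detectors keep only a set of known values and a short list of per-window counts, so the memory footprint is bounded by what has actually been seen, and a real deployment would persist that state between runs rather than relearn on every start.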
