Ellis

Ellis monitors systemd-journald logs for specific entries and triggers actions based on them.

Ellis can be used as an Intrusion Prevention System (IPS), but it can also be used more generally to run a Python script whenever a given pattern appears in the logs.

About

I started Ellis as a pet project with two ideas in mind:

  • I wanted to build something based on Python's asyncio framework because it looked very interesting and powerful, and I needed to learn more about it;
  • I also wanted to be warned whenever someone successfully logged on to my PC through SSH.

Then I realized that the combination of these two ideas would make a perfect candidate! It evolved into something more generic that looks a lot like the well-known fail2ban.

Ellis focuses specifically on systemd-journald. It is written in Python and uses the asyncio framework for better performance (well, I hope so).

Features

  • Monitors systemd-journald logs for given patterns;
  • Executes given commands when a pattern has been detected more than N times;
  • Uses ipset or nftables to block traffic from malicious hosts;
  • Can send e-mails to warn you about something;
  • Handles multiple services (or systemd units);
  • Single, simple config file.
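To make the "pattern matched more than N times, then act" loop from the description and the feature list concrete, here is an added example in the same spirit. It is not Ellis's own code and does not use its config format or its journald reader. It assumes journal entries shaped like `journalctl -o json` output (dicts with `_SYSTEMD_UNIT`, `MESSAGE` and a microsecond `__REALTIME_TIMESTAMP`), fed through an asyncio queue; the sample entries are constructed inline, the `ssh.service` unit name, the sliding-window rule and the `inet filter banned` nftables set name are placeholders, and the "action" only records the nft command it would run rather than executing it, so the script runs offline without root.

```python
"""Toy journald-pattern monitor in the spirit of Ellis (added example, not the project's code)."""
import asyncio
import re
import shlex
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Tuple


@dataclass
class Rule:
    unit: str                    # systemd unit to watch (journal field _SYSTEMD_UNIT)
    pattern: "re.Pattern"        # must capture the offending host as (?P<host>...)
    threshold: int               # act once a host matches MORE than this many times...
    window_s: int                # ...within this many seconds (sliding window)
    action: Callable[[str], str]  # host -> shell command that would be run


def nft_block(host: str) -> str:
    """Build (but do not run) an nftables command adding the host to a blocklist set.

    Assumes a pre-created set `inet filter banned` of type ipv4_addr; the set name is
    a placeholder for this example, not something the README specifies.
    """
    return "nft add element inet filter banned { %s }" % shlex.quote(host)


class Monitor:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        # (rule index, host) -> timestamps (seconds) of recent matches
        self.hits: Dict[Tuple[int, str], Deque[float]] = defaultdict(deque)
        self.banned = set()
        self.actions_run: List[str] = []   # commands that would have been executed

    def feed(self, entry: dict) -> List[str]:
        """Process one journal entry; return the commands it triggered (usually none)."""
        fired: List[str] = []
        unit = entry.get("_SYSTEMD_UNIT", "")
        msg = entry.get("MESSAGE", "")
        ts = int(entry.get("__REALTIME_TIMESTAMP", 0)) / 1_000_000  # journald uses microseconds
        for i, rule in enumerate(self.rules):
            if unit != rule.unit:
                continue                      # only the unit the rule was written for
            m = rule.pattern.search(msg)
            if not m:
                continue
            key = (i, m.group("host"))
            if key in self.banned:
                continue                      # already acted on; do not fire twice
            q = self.hits[key]
            q.append(ts)
            while q and ts - q[0] > rule.window_s:
                q.popleft()                   # forget hits outside the sliding window
            if len(q) > rule.threshold:       # "more than N times", as the README says
                cmd = rule.action(key[1])
                self.banned.add(key)
                self.actions_run.append(cmd)
                fired.append(cmd)
                q.clear()
        return fired

    async def run(self, queue: asyncio.Queue) -> List[str]:
        """Consume entries from the queue until a None sentinel; return all commands fired."""
        while True:
            entry = await queue.get()
            if entry is None:
                return self.actions_run
            self.feed(entry)


# Matches the classic sshd failure line and captures the peer address.
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<host>[\d.]+) port \d+")

# Constructed sample entries (not real logs): four failures from 203.0.113.7 inside
# 60 s, one from 198.51.100.9. Only the first host should cross a threshold of 3.
SAMPLE_ENTRIES = [
    {"_SYSTEMD_UNIT": "ssh.service",
     "__REALTIME_TIMESTAMP": str(t * 1_000_000),
     "MESSAGE": "Failed password for invalid user admin from %s port %d ssh2" % (h, 40000 + i)}
    for i, (t, h) in enumerate([
        (1_700_000_000, "203.0.113.7"),
        (1_700_000_010, "203.0.113.7"),
        (1_700_000_020, "198.51.100.9"),
        (1_700_000_030, "203.0.113.7"),
        (1_700_000_040, "203.0.113.7"),
    ])
]


def demo(entries=SAMPLE_ENTRIES, threshold=3, window_s=60) -> List[str]:
    """Push the entries through a Monitor via an asyncio queue; return the commands fired."""
    mon = Monitor([Rule("ssh.service", SSH_FAIL, threshold, window_s, nft_block)])

    async def main():
        q: asyncio.Queue = asyncio.Queue()
        for e in entries:
            await q.put(e)
        await q.put(None)                    # sentinel: end of input
        return await mon.run(q)

    return asyncio.run(main())


if __name__ == "__main__":
    for cmd in demo():
        print(cmd)
```

In a real deployment the queue would be filled by a journald reader and the action would actually execute the command (or send the e-mail the feature list mentions); the per-host sliding window is what keeps a slow, spread-out trickle of failures from being treated like a burst.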

Installing and configuring

Please read the Wiki.

Contributing / Helping

Code reviews, patches, comments, bug reports and feature requests are welcome. Please read the Contributing guide for further details.
