This is a modular IF-MAP client based on Java and the ifmapj IF-MAP library. It supports to read log information from several different services and publish them to a MAP-Server. This refactored version was developed during the SIMU research project and supports monitoring of the following services:
- Snort
- iptables
- Icinga
- Nagios
- LDAP
- OpenVPN
- FreeRADIUS
This project requires the SIMU Metadata Factory to be installed in your local Maven repository. The factory may be downloaded here. Besides this library there are some further requirements to compile and run the file integrity monitor:
- Java 7 or higher
- Maven 3
To compile this project the Oracle JDK is preferred but it may work as well on other JDK implementations. Any Java 7 compatible JRE (Oracle, OpenJDK, Apple) should be able to run the application.
Follow these steps to compile the project:
- Make sure that you have the SIMU Metadata Factory installed
- Open a command prompt and change directory to the root of this project
- Execute
mvn package - Unpack the contents of
target/decomap-0.2.0.0.dist.ziportarget/decomap-0.2.0.0.dist.tar.gzto your chosen installation directory
The application may be configured manually by editing the files in the config/ directory, but it is recommended to use the configuration GUI, which is available from this repository. The .tpl files in the config/ directory include comments that describe what a specific property does.
To run the application simple execute java -jar decomap-0.2.0.0.jar inside the installation directory. All clients except iptables will run under any user account that has access to the log files to be monitored. The iptables module requires root rights because it must interact with iptables directly.
The source code and all other contents of this repository are copyright by DECOIT GmbH and licensed under the terms of the Apache License Version 2.0. A copy of the license may be found inside the LICENSE file.