LogESP Versions

Open Source SIEM (Security Information and Event Management system).

v0.2-beta

6 years ago

Documentation

See README.md for documentation.

Installing

See the install documentation for recommendations on installing.

v0.1-alpha

6 years ago

Documentation

See README.md

Installing

Requirements: python 3.x, django >=2.0, pip.

Note: This installation is intended for development and for trying out the software. Using the built-in Python Django web server is not recommended in real security operations environments.

Step 1

  • Download the release:
wget https://github.com/dogoncouch/ldsi/archive/v0.1-alpha.tar.gz
tar -xzf v0.1-alpha.tar.gz
  • sha256sum:
ee9b47a733022979c9d2683676e85b63f2d0b55f7a00ea76ea711a7f072d7063  v0.1-alpha.tar.gz
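The sha256sum line above is only useful if the download is actually checked against it before extraction. The following POSIX shell functions are an added example, not part of the ldsi/LogESP project's own scripts: they download the release, compare its digest with the published value, and refuse to extract (and delete the file) on a mismatch. The function names and the wget/tar invocations are my assumptions; the expected digest is the one published for v0.1-alpha.tar.gz above.

```shell
#!/bin/sh
# Added example (not project code): verify the release tarball's sha256
# before extracting it.

# Published digest for v0.1-alpha.tar.gz (from the release page).
EXPECTED_SHA256="ee9b47a733022979c9d2683676e85b63f2d0b55f7a00ea76ea711a7f072d7063"

# sha256_of FILE: print the hex digest of FILE.
# Uses sha256sum where available, otherwise shasum (macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_release FILE EXPECTED: return 0 when FILE's digest equals EXPECTED,
# 1 otherwise (or when FILE cannot be read).
verify_release() {
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$2" ]
}

# install_release URL FILE EXPECTED: download URL to FILE, then extract it
# only if the digest matches; a mismatching file is removed, not unpacked.
install_release() {
    url="$1"; file="$2"; expected="$3"
    wget -q -O "$file" "$url" || { echo "download of $url failed" >&2; return 1; }
    if verify_release "$file" "$expected"; then
        tar -xzf "$file"
    else
        echo "sha256 mismatch for $file; refusing to extract" >&2
        rm -f "$file"
        return 1
    fi
}

# Usage (needs network access):
# install_release https://github.com/dogoncouch/ldsi/archive/v0.1-alpha.tar.gz \
#     v0.1-alpha.tar.gz "$EXPECTED_SHA256"
```

Running `install_release` with the published digest reproduces Step 1 with the check enforced; a tampered or truncated download fails closed instead of being unpacked into the working directory.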

Step 2

  • Create a virtual environment and install django:
virtualenv -p python3 ldsi_env
source ldsi_env/bin/activate
pip install django

Step 3

  • Create/migrate the database, and add fixtures:
cd ldsi-0.1-alpha
make new-db

Step 4

  • Start the server:
python manage.py runserver

Step 5

Step 6

  • Set up syslog service, clients

Notes

Parser Engine

To start the parser engine:

  1. Edit the config file at config/parser.conf.
  2. Run the parser inside a django shell:
python manage.py shell -c "import daemons.parser.parsecore ; daemons.parser.parsecore.start()"

The parser needs to be restarted on changes to the config file.

Sentry Engine

To start the rule engine:

  1. Run the sentry engine inside a django shell:
python manage.py shell -c "import daemons.sentry.sentrycore ; daemons.sentry.sentrycore.start()"

Cleaner

Each event has two EOL (end-of-life) dates, one for the local copy and one for the backup copy. The cleaner can use either one to decide which old events to delete. There are two options:

  1. Run the cleaner inside a django shell using the backup EOL date:
python manage.py shell -c "import daemons.cleaner.clean ; daemons.cleaner.clean.clean()"
  2. Run the cleaner inside a django shell using the local EOL date:
python manage.py shell -c "import daemons.cleaner.clean ; daemons.cleaner.clean.clean(local=True)"

Cleaning should be handled by a cron job.