This tool parses log data and allows to define analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitable for production server use.
In order to install logdata-anomaly-miner a Linux system with python >= 3.6 is required. All Ubuntu and Debian versions that we have in the tests are currently recommended. There is only experimental support for Fedora. More specifically the tested systems include Debian Buster, Debian Bullseye, Debian Bookworm, Ubuntu 20.04, Ubuntu 22.04, Fedora (docker image fedora:latest), and RedHat (docker image redhat/ubi9).
See requirements.txt for further module dependencies
There are Debian packages for logdata-anomaly-miner in the official Debian/Ubuntu repositories.
apt-get update && apt-get install logdata-anomaly-miner
The following command will install the latest stable release:
cd $HOME
wget https://raw.githubusercontent.com/ait-aecid/logdata-anomaly-miner/main/scripts/aminer_install.sh
chmod +x aminer_install.sh
./aminer_install.sh
For installation with Docker see: Deployment with Docker
Here are some resources to read in order to get started with configurations:
Publications and talks:
A complete list of publications can be found at https://aecid.ait.ac.at/further-information/.
We're happily taking patches and other contributions. Please see the following links for how to get started:
If you encounter any bugs, please create an issue on Github.
If you discover any security-related issues read the SECURITY.md first and report the issues.
This project received financial support through the research projects CAIS (832345), CIIS (840842), and CISA (850199) in course of the Austrian KIRAS security research programme, the research projects synERGY (855457) and DECEPT (873980) in course of the ICT of the future programme of the Austrian Research Promotion Agency (FFG), the research project PANDORA (SI2.835928) in course of the European Defence Industrial Development Programme (EDIDP), as well as the research projects ECOSSIAN (607577) and GUARD (833456) in course of the European Seventh Framework Programme (FP7) and Horizon 2020.