teler-sh / teler

Real-time HTTP Intrusion Detection
https://teler.app
Apache License 2.0
3k stars 251 forks

[FEATURE] Daemonize teler #276

Closed dwisiswant0 closed 7 months ago

dwisiswant0 commented 1 year ago

Discussed in https://github.com/kitabisa/teler/discussions/274

Originally posted by **0xjmux** December 4, 2022

I'm trying to run teler against an nginx access log, like the below from the docs:

```
$ tail -f /var/log/nginx/access.log | teler -c /path/to/config/teler.yaml
```

However, all the resources I've found on the wiki/site have you run it in an active terminal session, or only analyze logs at a specific point in time. I'd like teler to analyze logs in real time, as they come in, and export its own log in real time so it can be picked up by my SIEM system - which is configured to monitor teler's log file `/var/log/teler.log`.

My many attempts to convert `teler` into a systemd service have failed - you can't have pipes in service commands, for one. I won't go through all the things I've tried, but I figure there has to be a way to run teler as a service that can be set up to run in the background, instead of live in the foreground taking up a tty.

Is there a way to do this, and if so, how? Thanks.

dwisiswant0 commented 1 year ago

Dependent on #277.

clavinjune commented 1 year ago

How about changing the input from stdin to `-f files-name`? We can do tailing inside teler instead of depending on `tail -f`.

for example:

```
$ teler -c /path/to/config/teler.yaml -f /var/log/nginx/access.log
```

reference

dwisiswant0 commented 1 year ago

> How about changing the input from stdin to `-f files-name`? We can do tailing inside teler instead of depending on `tail -f`.

Please see https://github.com/kitabisa/teler/issues/277.

asheroto commented 7 months ago

@dwisiswant0 have you guys considered hosting the docs locally? I'd love to contribute. Or maybe there's a docs repo I'm missing?

Here's a simple example of daemonizing with automatic reloading on config change:

https://gist.github.com/asheroto/ff192448bb27b27e7c2d7cefdc24f308
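
One way to run the pipeline from the original question as a background service that restarts on config change, as an added example that is not part of any comment in this thread, not the content of the linked gist and not the teler project's own configuration. The unit file names, the `teler` service account, the `adm` group, and the `/usr/local/bin/teler` and `/usr/bin/systemctl` paths are assumptions; the log and config paths are the ones quoted in the question.

```ini
# --- /etc/systemd/system/teler.service (file name is an assumption) ---
[Unit]
Description=teler HTTP intrusion detection on the nginx access log

[Service]
# ExecStart is not run through a shell, so a bare "|" would be passed to tail
# as an argument. Wrapping the docs' pipeline in sh -c restores the pipe.
# tail -n 0 -F: start at new entries only and keep following across log rotation.
# If teler exits, tail ends on its next write (SIGPIPE) and Restart= takes over.
ExecStart=/bin/sh -c 'tail -n 0 -F /var/log/nginx/access.log | /usr/local/bin/teler -c /path/to/config/teler.yaml'
Restart=always
RestartSec=5
# Assumed dedicated account: it needs read access to the access log (group
# "adm" on Debian-style systems) and write access to the log file that
# teler.yaml points at, e.g. a pre-created /var/log/teler.log owned by it.
User=teler
SupplementaryGroups=adm
# Modest sandboxing: no privilege gain, /usr /boot /etc read-only, private /tmp.
NoNewPrivileges=yes
ProtectSystem=full
PrivateTmp=yes

[Install]
WantedBy=multi-user.target

# --- /etc/systemd/system/teler-config.path (file name is an assumption) ---
[Unit]
Description=Watch teler.yaml for changes

[Path]
# Fires once the file has been written and closed.
PathChanged=/path/to/config/teler.yaml
Unit=teler-config.service

[Install]
WantedBy=multi-user.target

# --- /etc/systemd/system/teler-config.service (file name is an assumption) ---
[Unit]
Description=Restart teler after a config change

[Service]
Type=oneshot
# try-restart only acts if teler.service is already running.
ExecStart=/usr/bin/systemctl try-restart teler.service
```

After `systemctl daemon-reload`, `systemctl enable --now teler.service teler-config.path` starts both units; a SIEM can then tail whatever log file `teler.yaml` configures.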

dwisiswant0 commented 7 months ago

@asheroto - Hi, "the development of teler IDS is currently on hold"[^1] - this announcement was made last week through teler-announce@googlegroups. Your input regarding local development documentation has been duly noted, and we will be addressing it by migrating (or completely rewriting) the docs.

[^1]: [teler] Version 3 Roadmap 📝 [survey]

dwisiswant0 commented 7 months ago

I'm closing this issue as not planned.