a free real-time log analyser
Log3 ("LogFree") is a free real-time log analyser.
It watches specified log files in real time and looks for certain entries.
If one occurs, it runs the function connected to it. All of this is fully configurable.
Log3 is written in C++ and Bash.
It is divided into a main program and modules that analyse logs, so it is easy to activate and deactivate its functions. It is also simple to add your own module to do the things you need.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
03) CURRENT VERSION
The latest release is 1.00.
In the latest version these modules are available and supported:
apache2_monitor -- Checks whether someone has requested non-existent files or scripts and bans the IP after too many tries. This module needs to be extended.
proftpd_monitor -- Looks for FTP (proftpd) break-in attempts and bans the IP for some time after a specified number of failures.
sshd_monitor -- Detects SSH break-in attempts and bans the IP for some time after too many failures.
vsftpd_monitor -- Looks for FTP (vsftpd) break-in attempts and bans the IP for some time after a specified number of failures.
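The counting step that a monitor such as sshd_monitor performs can be sketched as follows. This is an added example, not Log3's own code: the function names, the OpenSSH line format it matches, the IPv4-only pattern and the sample log lines are all assumptions, and ban expiry is not modelled.

```cpp
// Added example, not Log3 source: count failed SSH logins per address.
#include <iostream>
#include <map>
#include <regex>
#include <set>
#include <string>
#include <vector>

// Hypothetical helper: returns the addresses whose failed-login count
// reaches max_failures. IPv4 only; ban expiry is not modelled.
std::set<std::string> ips_to_ban(const std::vector<std::string>& lines,
                                 int max_failures) {
    // OpenSSH failure line. The greedy ".*" plus the "$" anchor take the
    // address from the end of the line, which sshd writes itself, rather
    // than from the user name, which the connecting client chooses.
    static const std::regex failed(
        R"(sshd\[\d+\]: Failed password for (?:invalid user )?.* from )"
        R"((\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$)");
    std::map<std::string, int> failures;
    std::set<std::string> banned;
    for (const std::string& line : lines) {
        std::smatch m;
        if (!std::regex_search(line, m, failed)) continue;  // not a failure line
        const std::string ip = m[1].str();
        if (++failures[ip] >= max_failures) banned.insert(ip);
    }
    return banned;
}

// Constructed sample input (documentation address ranges only).
std::vector<std::string> sample_log() {
    return {
        "Jan 10 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2",
        "Jan 10 10:00:02 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2",
        "Jan 10 10:00:03 host sshd[1203]: Accepted password for alice from 192.0.2.7 port 50000 ssh2",
        // User name that itself contains text shaped like an address:
        "Jan 10 10:00:04 host sshd[1204]: Failed password for invalid user x from 198.51.100.9 port 1 from 203.0.113.5 port 40004 ssh2",
        "Jan 10 10:00:05 host sshd[1205]: Failed password for bob from 198.51.100.9 port 41000 ssh2",
    };
}

int main() {
    for (const std::string& ip : ips_to_ban(sample_log(), 3))
        std::cout << "ban " << ip << "\n";
}
```

The fourth sample line is counted against 203.0.113.5, the address sshd recorded, so a user name chosen by the client cannot get an unrelated address banned.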
You can download the source package, including the installer, from the project download site.
You have to unpack all files from the source tar.gz archive and run the install.sh script.
Installation and configuration issues are described in the included readme file.
For usage, please read the 'readme' file included in the documentation.
If you would like to create a module, you will also find instructions on how to do this there.
If you need help, try reading the instructions above. If you still cannot find the answer, email me at piotrdabrowski.ultr@
Q: Where is the readme file?!
A: It's now included in version 1.00. Sorry for the delay.
09) CHANGE LOG
- an error in the default ban script configuration for Shorewall usage was corrected
- a README file was added to the documentation directory in English and Polish versions
- modules now log their actions to /var/log/log3/
- sshd_monitor kills the connection when the IP is banned
- in the apache2_monitor config you can now specify files which will be ignored
- first release
10) TO DO
These things are missing or still being developed:
Create further standard modules, especially for popular service daemons such as other FTP servers. If you could send me the log file names your system uses and particular log lines for different services, I would be grateful.
Rebuild the website and add the documentation section.
Probably some more things ...
My name is Piotr Dąbrowski. You can contact me at piotrdabrowski.ultr@