2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to use Teler for real-time HTTP intrusion detection. The method introduced here is simple, fast and practical, so let's walk through how to use Teler for real-time HTTP intrusion detection.
Teler
Teler is a real-time intrusion detection tool based on web logs, which helps researchers detect HTTP intrusions and issue threat alerts in real time. It is a command-line tool that builds on many other projects and resources from the community. In short, Teler is a fast terminal-based threat analysis tool whose core idea is to analyze and search for threats quickly and in real time.
Function introduction
Real-time analysis: supports real-time analysis of logs and real-time identification of suspicious activity.
Alerts: when threat activity is detected, Teler can raise alerts and push notifications through tools such as Slack, Telegram and Discord.
Monitoring: some threat metrics are provided to help you monitor threats more easily; here Prometheus is used.
Up-to-date resources: the resources built into the tool are continuously updated.
Flexible log format: Teler supports any custom log format string, depending on the log format defined in the configuration file.
Incremental log processing: need data persistence instead of buffered streams? Teler can process logs incrementally through the on-disk persistence option.
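To make the "flexible log format" and "real-time analysis" ideas concrete, here is an added example (not Teler's own code) that turns an nginx-style $variable log format string into a regex with named fields and runs a couple of constructed detection rules over sample log lines; the format string, rule names, patterns and log lines are all assumptions made up for this example.

```python
import re

# Constructed nginx-style format, written with $variables the way a
# log_format string in a config file would express it (assumption).
LOG_FORMAT = ('$remote_addr $remote_user - [$time_local] '
              '"$request_method $request_uri $request_protocol" '
              '$status $body_bytes_sent "$http_referer" "$http_user_agent"')

# Constructed rules: (category, field to inspect, pattern). These are
# illustrative only, not Teler's real rule set.
RULES = [
    ("Directory Traversal", "request_uri", re.compile(r"\.\./|%2e%2e%2f", re.I)),
    ("Bad Crawler", "http_user_agent", re.compile(r"sqlmap|nikto", re.I)),
]

def format_to_regex(fmt):
    """Compile a $variable format string into a regex with named groups.

    A variable right after '"' matches up to the next quote, one right
    after '[' matches up to the next ']', any other matches non-spaces.
    """
    pattern, pos = "", 0
    for m in re.finditer(r"\$(\w+)", fmt):
        pattern += re.escape(fmt[pos:m.start()])  # literal text between fields
        prev = fmt[m.start() - 1] if m.start() > 0 else ""
        body = '[^"]*' if prev == '"' else (r"[^\]]*" if prev == "[" else r"\S+")
        pattern += "(?P<" + m.group(1) + ">" + body + ")"
        pos = m.end()
    return re.compile("^" + pattern + re.escape(fmt[pos:]) + "$")

def scan(lines, fmt=LOG_FORMAT):
    """Return [(remote_addr, request_uri, [categories])] for lines with hits."""
    rx, alerts = format_to_regex(fmt), []
    for line in lines:
        m = rx.match(line)
        if m is None:
            continue  # line does not match the configured format; skip it
        f = m.groupdict()
        hits = [cat for cat, field, r in RULES if r.search(f[field])]
        if hits:
            alerts.append((f["remote_addr"], f["request_uri"], hits))
    return alerts

# Constructed sample access-log lines (documentation IPs, fake requests).
SAMPLE_LOGS = [
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Apr/2025:10:00:02 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0 "-" "curl/7.88"',
    '203.0.113.9 - - [01/Apr/2025:10:00:03 +0000] "GET /login HTTP/1.1" 200 88 "-" "sqlmap/1.7"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

Piping `tail -f access.log` into a loop around scan() gives the same streaming behaviour the tool describes, with the format string swapped for whatever your server actually writes.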
Tool installation

Binary installation
Installation is very simple: visit the project's Releases page, download a prebuilt binary, unpack it and run it. Alternatively, you can execute the following command:

curl -sSfL 'https://ktbs.dev/get-teler.sh' | sh -s -- -b /usr/local/bin

Docker installation
We can use the following command to pull the Docker image:

docker pull kitabisa/teler

Source code installation
This requires an installed and configured Go v1.14+ environment:

GO111MODULE=on go get -v -u ktbs.dev/teler/cmd/teler

To update the tool, use the go get command with the -u option.

GitHub installation

git clone https://github.com/kitabisa/teler
cd teler
make build
mv ./bin/teler /usr/local/bin

Tool use
Teler is very simple to use, just run the following command:
[buffers] | teler -c /path/to/config/teler.yaml
# or
teler -i /path/to/access.log -c /path/to/config/teler.yaml
If you are using a Docker image, run the following command:
[buffers] | docker run -i --rm -e TELER_CONFIG=/path/to/config/teler.yaml teler
# or
docker run -i --rm -e TELER_CONFIG=/path/to/config/teler.yaml teler --input /path/to/access.log

Tool options

teler -h
The above command displays help for the tool:
Here are all the options supported by the tool:
-c, --config: Teler configuration file.
    Example: kubectl logs nginx | teler -c /path/to/config/teler.yaml
-i, --input: log file to analyze.
    Example: teler -i /var/log/nginx/access.log
-x, --concurrent: concurrency level for log analysis (default is 20).
    Example: tail -f /var/log/nginx/access.log | teler -x 50
-o, --output: store detected threats in a file.
    Example: teler -i /var/log/nginx/access.log -o /tmp/threats.log
--json: display threat information in the terminal in JSON format.
    Example: teler -i /var/log/nginx/access.log --json
--rm-cache: delete all cached resources.
    Example: teler --rm-cache
-v, --version: show the current Teler version.
    Example: teler -v
Notification push
The supported notification push providers are as follows:
Slack
Telegram
Discord
We can configure notification alerts in the following ways:
notifications:
  slack:
    token: "xoxb-..."
    color: "#ffd21a"
    channel: "G30SPKI"
  telegram:
    token: "12346WA ABCML DEF1234..."
    chat_id: "-111000"
  discord:
    token: "NkWkawkawkawkawka.X0xo.n-kmZwA8aWAA"
    color: "16312092"
    channel: "70000000000000000"
We can also disable alerts or specify where alerts are sent:
alert:
  active: true
  provider: "slack"
At this point, you should have a deeper understanding of how to use Teler for real-time HTTP intrusion detection. You might as well try it in practice. For more related content, follow the relevant channels and keep learning!