Nuhe 0.06

Nuhe is a rule-based log monitoring system, which is capable of action when rules are matched against log activity.

GPL (GNU General Public License) 
Tuomo Makinen
Nuhe is a rule-based log monitoring system that can take action when rules match log activity. By default Nuhe runs in the background as a daemon, but it can also run in the foreground or in log analyzer mode. Log analyzer mode only analyzes the given logs and prints the results to stdout; no action is taken when Nuhe is in analyzer mode.

Nuhe's development was motivated by security, and one of its purposes is to serve as an intrusion protection system that can react to certain kinds of log activity. You can also use Nuhe as a vanilla "log filtering" system that detects events in logs and records them, but does not react to them.

One example of Nuhe usage is a rule that detects multiple SSH connection attempts and drops the IP address the connections are coming from (e.g. with Linux iptables). Nuhe is very handy in this situation, because the user can configure it to ignore important IP addresses, so they are not blocked by the firewall, and can specify that events be identified only by IP address information.

With that rule and action handler, the user can paralyze brute force attacks. More generally, Nuhe can be described as a general rule-based monitoring system that can run system commands in phases based on time and event criteria, which hopefully gives it many areas of use.

What's New in This Release:

This release contains an email ruleset for IMAP 4 and POP 3 servers, and fixes the ftpd ruleset.
There are bugfixes for the node manager and sensor, and other improvements.

Last updated on December 19th, 2007
