
loggenerator's Introduction

== LogGenerator

This project attempts to create a small log generator that will eventually take a scenario file as well as the network parameters (zones, IP ranges, types of servers) and emit log traffic for a log analysis appliance.

Before you try it, please create the ./lib/output/ and ./lib/output/mm folders. I'll fix this later; I just didn't want to upload all the resulting logs to GitHub.

As of *right now* the scenario is fixed in the main.rb file. It writes the logs to the ./lib/output/ folder, with a different file name for each source. When I put this together to facilitate a log analysis tabletop exercise (TTX), I wanted to focus on a few specific log sources, including:
- Windows machines / servers (I think I modeled it after XP and 2003 servers)
- Linux logs
- sendmail logs
- Blue Coat web proxy logs
- Apache web logs
- firewall logs that look roughly like Juniper logs

The current default scenario looks something like:
1. generating some random benign traffic on the firewall and web proxy
2. generating the servers (a mail server, a Linux server, 2 Apache servers)
3. generating some random and benign logs from the Windows hosts
4. starting some reconnaissance events with a port scan
5. continuing with some web app scanning
6. an email comes in from a vendor
7. an admin logs in to the firewall and sets up some bad rules
8. the vendor tries to log in to the server; at the same time, the servers are getting attacked
9. an SSH brute force happens on the vendor account
10. evil is brewing on the compromised server and starts spreading
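The scenario steps above map naturally onto a small scenario-driven emitter. The following is an added example, not code from the LogGenerator project: it keeps one line buffer per log source, advances a simulated clock between events, and runs the two checks a TTX participant would write over the output (a port-scan detector on the firewall lines and a brute-force detector on the sshd lines). The host names, IP addresses (TEST-NET ranges) and the exact line formats are constructed approximations, not captures.

```ruby
# Added example, not code from the LogGenerator project. Steps 1, 4, 5 and 9 of
# the default scenario are emitted into per-source buffers, then two detection
# checks are run over them. All hosts, addresses and formats are constructed.
class Scenario
  attr_reader :logs

  def initialize(start, seed: 42)
    @clock = start                          # simulated wall clock
    @rng = Random.new(seed)                 # seeded so every run is reproducible
    @logs = Hash.new { |h, k| h[k] = [] }   # source name => array of lines
  end

  # Advance the clock a random 1..max seconds between events.
  def tick(max = 5)
    @clock += @rng.rand(1..max)
  end

  def syslog_stamp
    @clock.strftime('%b %e %H:%M:%S')
  end

  # Juniper-style session line (constructed approximation of an RT_FLOW message).
  def firewall(src, dst, port, action)
    @logs[:firewall] << "#{syslog_stamp} fw1 RT_FLOW: RT_FLOW_SESSION_#{action.upcase} " \
                        "source-address=#{src} destination-address=#{dst} destination-port=#{port}"
    tick
  end

  # Apache common log format line.
  def apache(client, path, status)
    ts = @clock.strftime('%d/%b/%Y:%H:%M:%S +0000')
    @logs[:apache] << "#{client} - - [#{ts}] \"GET #{path} HTTP/1.1\" #{status} #{@rng.rand(200..4000)}"
    tick
  end

  # OpenSSH auth line as written to auth.log / secure.
  def sshd(host, user, src, accepted)
    verb = accepted ? 'Accepted' : 'Failed'
    @logs[:linux] << "#{syslog_stamp} #{host} sshd[2211]: #{verb} password for #{user} from #{src} port 51234 ssh2"
    tick
  end

  # Step 1: benign sessions from internal clients to the web server.
  def benign_traffic(n)
    n.times { firewall("10.1.#{@rng.rand(0..9)}.#{@rng.rand(1..254)}", '203.0.113.10', 443, 'create') }
  end

  # Step 4: one source probing many ports, each denied by the firewall.
  def port_scan(src, dst, ports)
    ports.each { |p| firewall(src, dst, p, 'deny') }
  end

  # Step 5: web app scanning, a burst of requests that 404.
  def web_scan(src, paths)
    paths.each { |p| apache(src, p, 404) }
  end

  # Step 9: SSH brute force on the vendor account, ending in a successful login.
  def ssh_bruteforce(host, user, src, failures)
    failures.times { sshd(host, user, src, false) }
    sshd(host, user, src, true)
  end
end

def build_default_scenario
  s = Scenario.new(Time.utc(2011, 5, 1, 9, 0, 0))
  s.benign_traffic(20)
  s.port_scan('198.51.100.7', '203.0.113.10', (20..30).to_a)
  s.web_scan('198.51.100.7', %w[/admin/ /phpmyadmin/ /wp-login.php /.git/config])
  s.ssh_bruteforce('web1', 'vendor', '198.51.100.7', 8)
  s
end

# Check 1: sources whose denied sessions touched >= threshold distinct ports.
def scan_sources(firewall_lines, threshold)
  ports = Hash.new { |h, k| h[k] = [] }
  firewall_lines.each do |line|
    next unless line.include?('SESSION_DENY')
    m = line.match(/source-address=(\S+) .*destination-port=(\d+)/) or next
    ports[m[1]] << m[2]
  end
  ports.select { |_, p| p.uniq.size >= threshold }.keys
end

# Check 2: users with >= threshold failed passwords from a single source.
def bruteforce_users(linux_lines, threshold)
  fails = Hash.new(0)
  linux_lines.each do |line|
    m = line.match(/Failed password for (\S+) from (\S+)/) or next
    fails[[m[1], m[2]]] += 1
  end
  fails.select { |_, n| n >= threshold }.keys.map(&:first).uniq
end

if __FILE__ == $PROGRAM_NAME
  s = build_default_scenario
  s.logs.each { |src, lines| puts "#{src}: #{lines.size} lines" }
  puts "port scanners: #{scan_sources(s.logs[:firewall], 10).inspect}"
  puts "brute-forced users: #{bruteforce_users(s.logs[:linux], 5).inspect}"
end
```

The buffers are kept in memory so the result can be checked; writing each `logs[source]` array to its own file under ./lib/output/ is a one-line `File.write` per source. The benign traffic is emitted as `SESSION_CREATE` and the scan as `SESSION_DENY`, which is what lets the first check separate the two without any knowledge of the scenario.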

Part of the materials I gave out in the TTX was a mind map of the services / users / hosts before the compromise and one after the compromise. Those should be generated automatically (though maybe in an old FreeMind format) and placed in ./lib/output/mm/.
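As an added example that is not the project's own code, here is one way to produce those two mind maps: a zones -> hosts -> services/users hash is rendered into a FreeMind `.mm` document (a `<map>` root with nested `<node TEXT="...">` elements), once as-is and once with the compromised hosts marked. The topology is constructed sample data, and the output directory argument mirrors the ./lib/output/mm/ folder the README mentions.

```ruby
# Added example, not code from the LogGenerator project. Renders a small
# topology as a FreeMind .mm document before and after a compromise.
# SAMPLE_TOPOLOGY is constructed sample data.
def xml_escape(text)
  text.to_s.gsub('&', '&amp;').gsub('<', '&lt;').gsub('>', '&gt;').gsub('"', '&quot;')
end

# Render one node; children is an array of [text, children] pairs.
def render_node(text, children, depth)
  pad = '  ' * depth
  return "#{pad}<node TEXT=\"#{xml_escape(text)}\"/>\n" if children.empty?
  body = children.map { |t, c| render_node(t, c, depth + 1) }.join
  "#{pad}<node TEXT=\"#{xml_escape(text)}\">\n#{body}#{pad}</node>\n"
end

# Build the [text, children] tree; compromised hosts get a marker in their label.
def topology_tree(topology, compromised)
  topology.map do |zone, hosts|
    [zone, hosts.map do |host, attrs|
      label = compromised.include?(host) ? "#{host} [COMPROMISED]" : host
      [label, [['services', attrs.fetch(:services, []).map { |s| [s, []] }],
               ['users', attrs.fetch(:users, []).map { |u| [u, []] }]]]
    end]
  end
end

def mindmap(title, topology, compromised = [])
  "<map version=\"1.0.1\">\n#{render_node(title, topology_tree(topology, compromised), 1)}</map>\n"
end

SAMPLE_TOPOLOGY = {
  'DMZ' => {
    'web1' => { services: %w[apache sshd], users: %w[www-data vendor] },
    'mail' => { services: %w[sendmail], users: %w[postmaster] }
  },
  'internal' => {
    'fw1' => { services: %w[firewall], users: %w[admin] },
    'proxy' => { services: %w[bluecoat], users: [] }
  }
}.freeze

# Write before/after maps into dir (the README uses ./lib/output/mm/); returns the paths.
def write_maps(dir, compromised)
  require 'fileutils'
  FileUtils.mkdir_p(dir)
  { 'before.mm' => [], 'after.mm' => compromised }.map do |name, hosts|
    path = File.join(dir, name)
    File.write(path, mindmap(name.sub('.mm', ' compromise'), SAMPLE_TOPOLOGY, hosts))
    path
  end
end

if __FILE__ == $PROGRAM_NAME
  puts mindmap('after compromise', SAMPLE_TOPOLOGY, %w[web1])
end
```

The tree is built as plain `[text, children]` pairs so the same renderer serves both maps; only the label of a compromised host changes between them, which makes the two files easy to diff during the exercise.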
  
  Copyright (C) 2011  Paul Poputa-Clean <[email protected]>

  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program.  If not, see <http://www.gnu.org/licenses/>.

loggenerator's Issues

Rakefile Outdated

Use the updated Rakefile as below

require 'rubygems'
require 'rake'
require 'rake/clean'
require 'rubygems/package_task'   # Gem::PackageTask, the replacement for rake/gempackagetask
require 'rdoc/task'               # RDoc::Task; also defines the Rake::RDocTask alias used below
require 'rake/testtask'

# Gem specification used by the package task below.
spec = Gem::Specification.new do |s|
  s.name = 'LogGenerator'
  s.version = '0.0.1'
  s.has_rdoc = true               # ignored (deprecated) by newer RubyGems, harmless to keep
  s.extra_rdoc_files = ['README', 'LICENSE']
  s.summary = 'log generator collection of scripts that will generate fake log traffic from a few different sources'
  s.description = s.summary
  s.author = 'Paul Poputa-Clean'
  s.email = '[email protected]'
  s.files = %w(LICENSE README Rakefile) + Dir.glob("{bin,lib,spec}/**/*")
  s.require_path = "lib"
  s.bindir = "bin"
end

# Builds the .gem plus tar and zip archives under pkg/.
Gem::PackageTask.new(spec) do |p|
  p.gem_spec = spec
  p.need_tar = true
  p.need_zip = true
end

# Generates the API docs under doc/rdoc.
Rake::RDocTask.new do |rdoc|
  files = ['README', 'LICENSE', 'lib/**/*.rb']
  rdoc.rdoc_files.add(files)
  rdoc.main = "README" # page to start on
  rdoc.title = "LogGenerator Docs"
  rdoc.rdoc_dir = 'doc/rdoc' # rdoc output folder
  rdoc.options << '--line-numbers'
end

# Runs everything under test/ with `rake test`.
Rake::TestTask.new do |t|
  t.test_files = FileList['test/**/*.rb']
end
