Releasing logalert.py – Smart piping of command output to email for alerting

Introduction

Today we are releasing a small but useful tool, logalert.py. This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe.

The tool was developed for cases where you want a simple and robust way of being alerted whenever something interesting happens on a system, but you don’t have the luxury of a fancy SIEM or other alerting system.

Try it out yourself

We have published logalert.py on GitHub, along with all information to get started: https://github.com/NVISO-BE/logalert.py

The readme file on GitHub contains a set of concrete examples for which logalert.py could be useful. We give concrete example commands for alerting on high-severity IDS alerts, a disk that is about to fill up, a Raspberry Pi running hot or a suspicious VPN logon.

An alert received through logalert.py whenever our Raspberry Pi runs too hot.
Includes automatic timestamp extraction!

We have found logalert.py especially useful in combination with cron jobs: run a command each minute, pipe its standard output to logalert.py, and be alerted by email only when something new appears (a suspicious logon or a new IDS hit, for example). The possibilities are endless: as long as a command writes it to standard output, you can receive an alert on it.
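To make the two ideas above concrete, the dedup cache from the introduction and the cron-driven pipe, here is a stand-alone example of the same pattern. It is added for this write-up and is not logalert.py's own code: the JSON cache format, the timestamp-stripping regex, the one-hour window, the command-line argument and the sample log lines are all hypothetical, constructed for the demo. The script reads command output on stdin, drops lines whose normalised content was already emailed inside the window, records the rest in the cache, and builds the mail; it prints the message rather than sending it, so it runs offline.

```python
"""Dedup-and-alert pipeline in the spirit of logalert.py.

Added example, not the project's own code. Hypothetical design: the cache
is a JSON file mapping a SHA-256 of each normalised line to the epoch
time it was last emailed; a line seen again within `window` seconds is
suppressed. Sample log lines below are constructed for the demo.
"""
import hashlib
import json
import re
import sys
import time
from email.message import EmailMessage
from pathlib import Path

# A leading syslog ("May  1 10:00:01") or ISO ("2024-05-01T10:00:01Z")
# timestamp changes on every occurrence; strip it before hashing so a
# repeated event still deduplicates.
_TS_PREFIX = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}\S*"
    r"|[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s*"
)

# Constructed sample output of two consecutive cron runs, one minute apart.
SAMPLE_RUN_1 = [
    "May  1 10:00:01 pi kernel: CPU temperature above threshold (82.3 C)",
    "May  1 10:00:01 pi kernel: CPU temperature above threshold (82.3 C)",
    "May  1 10:00:02 pi disk-check: /dev/root is 95% full",
]
SAMPLE_RUN_2 = [
    "May  1 10:01:01 pi kernel: CPU temperature above threshold (82.3 C)",
    "May  1 10:01:01 pi sshd[5151]: Accepted publickey for pi from 192.0.2.10 port 40000",
]


def normalise(line: str) -> str:
    """Drop surrounding whitespace and a leading timestamp, if any."""
    return _TS_PREFIX.sub("", line.strip(), count=1)


def fingerprint(line: str) -> str:
    """Cache key: SHA-256 of the normalised line, so the cache stays small
    and does not store potentially sensitive log content in clear."""
    return hashlib.sha256(normalise(line).encode("utf-8")).hexdigest()


def load_cache(path: Path) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}


def save_cache(path: Path, cache: dict) -> None:
    path.write_text(json.dumps(cache))


def select_new(lines, cache, now, window):
    """Return the lines not alerted on in the last `window` seconds.

    `cache` is updated in place: expired entries are pruned (so the file
    does not grow forever) and each returned line is recorded at `now`.
    """
    for key in [k for k, t in cache.items() if now - t >= window]:
        del cache[key]
    fresh = []
    for line in lines:
        if not line.strip():
            continue
        key = fingerprint(line)
        if key in cache:  # same event already emailed inside the window
            continue
        cache[key] = now
        fresh.append(line.rstrip("\n"))
    return fresh


def build_email(lines, subject, sender, recipient) -> EmailMessage:
    """One plain-text mail carrying all new lines from this run."""
    msg = EmailMessage()
    msg["Subject"] = f"{subject} ({len(lines)} new)"
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content("\n".join(lines) + "\n")
    return msg


def main(argv=None) -> int:
    """Read command output on stdin, e.g. from a crontab entry such as
    * * * * *  some-check | python3 logalert_demo.py /var/tmp/logalert.json
    Prints the mail instead of sending; a real deployment would hand `msg`
    to smtplib.SMTP(host).send_message(msg).
    """
    argv = sys.argv[1:] if argv is None else argv
    cache_path = Path(argv[0] if argv else "logalert_cache.json")
    cache = load_cache(cache_path)
    fresh = select_new(sys.stdin.readlines(), cache, time.time(), window=3600)
    save_cache(cache_path, cache)
    if not fresh:
        return 0  # nothing new: stay silent, which is the point of the cache
    msg = build_email(fresh, "logalert demo", "alerts@example.com", "ops@example.com")
    print(msg.as_string())
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Two details matter in practice. First, the timestamp has to be stripped before hashing, otherwise every cron run produces a "new" line and the cache never suppresses anything. Second, expired entries are pruned on every run; without that, a minute-by-minute cron job grows the cache file indefinitely.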

We welcome any suggestions, bug reports or contributions on GitHub! 🐀

About the author

Daan Raman is in charge of NVISO Labs, the research arm of NVISO. Together with the team, he drives initiatives around innovation to ensure we stay on top of our game; innovating the things we do, the technology we use and the way we work form an essential part of this. Daan doesn’t like to write about himself in third-person. You can contact him at draman@nviso.be and find him on Twitter and LinkedIn.
