teler is a real-time intrusion detection and threat alerting tool based on web server logs. It runs in a terminal and uses threat resources that we collect and that the community provides. ❤️
Real-time: Analyze logs and identify suspicious activity in real time.
Alerting: teler sends an alert when a threat is detected; push notifications support Slack, Mattermost, Telegram, and Discord.
Monitoring: we expose our own metrics so you can monitor threats easily, and we use Prometheus for that.
Logging: detected threats can also be written to a file or sent to the Zinc log search engine.
Latest resources: Collections are continuously up-to-date.
Minimal configuration: you can just run it against your log file, write the log format, and let teler analyze the log and show you alerts!
Flexible log formats: teler allows any custom log format string! It all depends on how you write the log format in the configuration file.
Custom threat rules: want to cover a wider range of threats than the engine-based (default) rules? You can write your own threat rules!
Incremental log processing: need data persistence rather than a buffered stream? teler can process logs incrementally through its on-disk persistence options.
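To show how a custom log format string and custom threat rules fit together, here is an added Go example. It is not teler's code: the nginx-style `$variable` format syntax, the `Rule` type, the sample rules and the access log lines are all assumptions constructed for this illustration. The format string is compiled into a regular expression with one named group per field, each line is parsed into a field map, and every rule is a pattern checked against one named field.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CompileLogFormat turns an nginx-style format string such as
//   $remote_addr [$time_local] "$request_uri"
// into a regular expression with one named capture group per $variable.
// Literal text between variables is quoted so brackets and quotes match
// themselves and act as field delimiters.
func CompileLogFormat(format string) (*regexp.Regexp, error) {
	varRe := regexp.MustCompile(`\$[A-Za-z_][A-Za-z0-9_]*`)
	var sb strings.Builder
	sb.WriteString("^")
	last := 0
	for _, loc := range varRe.FindAllStringIndex(format, -1) {
		sb.WriteString(regexp.QuoteMeta(format[last:loc[0]]))
		// Non-greedy, so the literal delimiter that follows decides the boundary.
		sb.WriteString("(?P<" + format[loc[0]+1:loc[1]] + ">.*?)")
		last = loc[1]
	}
	sb.WriteString(regexp.QuoteMeta(format[last:]))
	sb.WriteString("$")
	return regexp.Compile(sb.String())
}

// ParseLine applies a compiled format to one log line and returns a
// field-name -> value map, or ok=false when the line does not match.
func ParseLine(re *regexp.Regexp, line string) (map[string]string, bool) {
	m := re.FindStringSubmatch(line)
	if m == nil {
		return nil, false
	}
	fields := make(map[string]string, len(m))
	for i, name := range re.SubexpNames() {
		if i > 0 && name != "" {
			fields[name] = m[i]
		}
	}
	return fields, true
}

// Rule is a hypothetical custom threat rule: a pattern checked against one parsed field.
type Rule struct {
	Name    string
	Field   string
	Pattern *regexp.Regexp
}

// Evaluate returns the names of every rule whose pattern matches its field.
func Evaluate(rules []Rule, fields map[string]string) []string {
	var hits []string
	for _, r := range rules {
		if v, ok := fields[r.Field]; ok && r.Pattern.MatchString(v) {
			hits = append(hits, r.Name)
		}
	}
	return hits
}

// DefaultFormat and DefaultRules are constructed for this example; they are
// not teler's shipped configuration.
const DefaultFormat = `$remote_addr - $remote_user [$time_local] "$request_method $request_uri $request_protocol" $status $body_bytes_sent "$http_referer" "$http_user_agent"`

var DefaultRules = []Rule{
	{Name: "path-traversal", Field: "request_uri", Pattern: regexp.MustCompile(`(?i)(\.\./|%2e%2e%2f|%2e%2e/)`)},
	{Name: "scanner-user-agent", Field: "http_user_agent", Pattern: regexp.MustCompile(`(?i)(sqlmap|nikto|nmap)`)},
}

// SampleLog is a constructed access log: one benign request and one traversal attempt.
var SampleLog = []string{
	`203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"`,
	`198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 403 0 "-" "curl/8.0"`,
}

// Scan parses each line with the format and returns line index -> matched rule
// names for every line that triggered at least one rule.
func Scan(format string, rules []Rule, lines []string) (map[int][]string, error) {
	re, err := CompileLogFormat(format)
	if err != nil {
		return nil, err
	}
	alerts := make(map[int][]string)
	for i, line := range lines {
		fields, ok := ParseLine(re, line)
		if !ok {
			continue // unparseable line: a real tool would count or log it
		}
		if hits := Evaluate(rules, fields); len(hits) > 0 {
			alerts[i] = hits
		}
	}
	return alerts, nil
}

func main() {
	alerts, err := Scan(DefaultFormat, DefaultRules, SampleLog)
	if err != nil {
		panic(err)
	}
	for i, hits := range alerts {
		fmt.Printf("line %d: %v\n", i, hits)
	}
}
```

Because the field boundaries come entirely from the literal text between `$variables`, a format string whose delimiters do not match the actual log lines silently parses nothing; the `ok=false` branch in `Scan` is where a production tool should count or surface such lines rather than drop them.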
Note: if you upgrade from a version prior to v2, there are some breaking changes that affect configuration files. For the appropriate adaptations, refer to the teler.example.yaml file.
teler was designed to be a fast, terminal-based threat analyzer. Its core idea is to quickly analyze and hunt threats in real time!
All related documentation about installation, usage and configuration is at teler.app.