Teler is a real-time intrusion detection and threat alerting tool based on web access logs. It runs in a terminal and uses threat resources that we collect and that are provided by the community. ❤️


Real-time: Analyze logs and identify suspicious activity in real time.

Alerting: teler alerts you when a threat is detected; push notifications are supported for Slack, Mattermost, Telegram, and Discord.

Monitoring: teler exposes its own metrics so you can monitor threats easily, using Prometheus.

Logging: detected threats can also be written to a file or sent to the Zinc log search engine.

Latest resources: the threat resource collections are kept continuously up to date.

Minimal configuration: just run it against your log file, write down the log format, and let teler analyze the log and show you alerts!

Flexible log formats: teler allows any custom log format string! It all depends on how you write the log format in the configuration file.

Custom threat rules: want to cover a wider range of threats than the engine-based (default) rules? You can write your own threat rules!

Incremental log processing: need data persistence rather than a buffered stream? teler can process logs incrementally through its on-disk persistence options.
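To illustrate the "flexible log formats" idea above, here is an added Go example written for this page (not teler's own parser): it compiles a format string with nginx-style `$name` placeholders into an anchored regular expression and parses a constructed access-log line into named fields. The placeholder syntax, the regex approach and the sample line are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// placeholderRe matches nginx-style variables such as $remote_addr.
var placeholderRe = regexp.MustCompile(`\$[a-zA-Z_][a-zA-Z0-9_]*`)

// CompileLogFormat turns a log format string into an anchored regexp with one
// named, non-greedy capture group per placeholder; literal text is quoted.
func CompileLogFormat(format string) (*regexp.Regexp, error) {
	var sb strings.Builder
	sb.WriteString("^")
	last := 0
	for _, loc := range placeholderRe.FindAllStringIndex(format, -1) {
		sb.WriteString(regexp.QuoteMeta(format[last:loc[0]]))
		sb.WriteString("(?P<" + format[loc[0]+1:loc[1]] + ">.*?)")
		last = loc[1]
	}
	sb.WriteString(regexp.QuoteMeta(format[last:]) + "$")
	return regexp.Compile(sb.String())
}

// ParseLine applies a compiled format to one log line and returns the
// placeholder values keyed by name, or an error if the line does not match.
func ParseLine(re *regexp.Regexp, line string) (map[string]string, error) {
	m := re.FindStringSubmatch(line)
	if m == nil {
		return nil, fmt.Errorf("line does not match log format: %q", line)
	}
	fields := make(map[string]string, len(m)-1)
	for i, name := range re.SubexpNames() {
		if i > 0 && name != "" {
			fields[name] = m[i]
		}
	}
	return fields, nil
}

func main() {
	// Constructed sample: nginx "combined" style format and one matching line.
	re, err := CompileLogFormat(`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"`)
	if err != nil {
		panic(err)
	}
	fields, err := ParseLine(re, `203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "curl/8.1"`)
	fmt.Println(fields, err)
}
```

Lines that do not match the configured format are reported as errors rather than silently producing empty fields, which is the check you want before feeding parsed fields into any threat rule.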

Note: if you upgrade from a version prior to v2, there are breaking changes that affect configuration files. See the teler.example.yaml file for the required adaptations.

Why teler?

teler was designed to be a fast, terminal-based threat analyzer. Its core idea is to quickly analyze and hunt threats in real time!

