- for project details, check out General.md
- for functionality and guidelines, check out User_Guide.md
- for the debugged version, check out Final Version
- for dev history, check out: preliminary, Version 1, Version 2
- try migrating from the sqlite3 db into postgres
- generate alerts on a regular basis - December
- whitelist and watchlist rules
- more data to test
- Batch files : (http://gobruen.com/progs/dos_batch/dos_batch.html)
initialize_db.py - creates the corresponding lists at the beginning, run once ONLY
whitelist.py - updates the whitelist with IPs that are internal or have already been authenticated, so there is no need to keep alerting on them
watchlist.py - updates the watchlist with IPs that are suspicious and need to be alerted on immediately / in a timely manner
v2.py - slight modifications to the arrangement of code and functions
classes.py - class definitions, accessed by other functions in the .py files
operations.py - functions used to interact with the database (query and insert)
operations.py replaces whitelist.py and watchlist.py
v2.py - direct interaction with the databases
v2.py : place appropriate filters for the whitelist rule
filters.py : uses regex for selecting IPs
validated output
fixed bugs
added functionalities:
- you can manually whitelist an IP
- you can remove an entry from the watchlist once you get confirmation, and choose whether to reset the count
added output of the watchlist result into an Excel file named 'files.xlsx'
tested on new data and fixed bugs
added the very first spotted login based on IP and hostname, for later reference
updated interaction with the databases, organized in a more concise way
- manually add a whitelist entry
- remove an entry from the watchlist and reset the count
- observe an entry from its very first appearance to its most recent appearance
tried depopulating the whitelist database from memory by comparing directly against the filter, for running-time efficiency; this is version 4
substituted the MaxMind database download with the geoip module
(https://stackoverflow.com/questions/31540009/importerror-cannot-import-name-in-python/31540162 )
'Failed', 'Invalid' and 'Accepted' are currently the keywords used to find information when parsing the log file; however, there may be other lines that also contain those keywords but are unrelated to logins.
- could be solved by testing on more data
- or by identifying all possible cases that contain those keywords but are irrelevant to our purposes
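One way to reduce the keyword false-positive problem above is to anchor the match on the sshd message format instead of searching the whole line for 'Failed' / 'Invalid' / 'Accepted', and to set aside lines that contain a keyword but match no pattern for manual review. The following is an added example, not code from this project's filters.py; it assumes the standard OpenSSH syslog line format and uses constructed sample lines.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumption: lines follow the standard OpenSSH syslog format
# "<Mon> <day> <HH:MM:SS> <host> sshd[<pid>]: <message>".
_PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"

# Anchored patterns: the keyword must be the sshd message itself, not just appear anywhere in the line.
PATTERNS = {
    "accepted": re.compile(_PREFIX + r"Accepted\s(?P<method>\w+)\sfor\s(?P<user>\S+)"
                           r"\sfrom\s(?P<ip>[\d.]+)\sport\s\d+"),
    "failed": re.compile(_PREFIX + r"Failed\s(?P<method>\w+)\sfor\s(?:invalid user\s)?"
                         r"(?P<user>\S+)\sfrom\s(?P<ip>[\d.]+)\sport\s\d+"),
    "invalid": re.compile(_PREFIX + r"Invalid user\s(?P<user>\S+)\sfrom\s(?P<ip>[\d.]+)"),
}
KEYWORDS = re.compile(r"Failed|Invalid|Accepted")

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields (kind, ts, host, user, ip, ...) or None if no pattern matches."""
    for kind, pattern in PATTERNS.items():
        match = pattern.match(line)
        if match:
            event = match.groupdict()
            event["kind"] = kind
            return event
    return None

def summarize(lines: List[str]) -> Tuple[Dict[str, Dict[str, int]], List[str]]:
    """Count events per source IP; also return lines that contain a keyword
    but match no pattern, so they are reviewed instead of silently miscounted."""
    per_ip: Dict[str, Dict[str, int]] = {}
    unmatched: List[str] = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            if KEYWORDS.search(line):
                unmatched.append(line)
            continue
        counts = per_ip.setdefault(event["ip"], {"accepted": 0, "failed": 0, "invalid": 0})
        counts[event["kind"]] += 1
    return per_ip, unmatched

# Constructed sample lines (not real log data); the cron line is the decoy case.
SAMPLE_LINES = [
    "Jan 12 10:00:01 host1 sshd[1234]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Jan 12 10:00:02 host1 sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 4444 ssh2",
    "Jan 12 10:00:03 host1 sshd[1236]: Invalid user admin from 203.0.113.7 port 4444",
    "Jan 12 10:00:04 host1 sshd[1237]: Failed password for bob from 198.51.100.9 port 2222 ssh2",
    "Jan 12 10:00:05 host1 cron[99]: (root) CMD (echo Accepted and Failed are just words here)",
]
```

`summarize(SAMPLE_LINES)` counts one accepted login for 10.0.0.5, one failed plus one invalid-user event for 203.0.113.7, one failed for 198.51.100.9, and returns the cron line as the only entry needing review.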