Nuhe 0.01
Nuhe is a rule-based log monitoring system that can take action when rules match activity in one or more logs. By default Nuhe runs in the background as a daemon, but it can also run in the foreground or in log analyzer mode. Log analyzer mode only analyzes the given logs and prints the results to stdout; no action is taken while Nuhe is in analyzer mode.
The motivation for developing Nuhe came from a security point of view, and one purpose is to use it as an intrusion protection system that can react to certain kinds of log activity. You can also use Nuhe as a plain "log filtering" system that detects events in logs and records them, but does not react to them.
One example of Nuhe usage is a rule that detects multiple SSH connection attempts and blocks the IP address the connections are coming from (e.g. with Linux iptables). Nuhe is very handy in this situation, because the user can configure it to ignore important IP addresses, so they are never blocked by the firewall, and can specify that events are identified only by their IP address information.
With that rule and action handler the user can shut down brute force attacks. More generally, Nuhe can be described as a rule-based monitoring system that runs system commands in phases based on time and event criteria, which hopefully gives it many areas of use.
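As an added illustration of the SSH rule described above (example code written for this review, not part of Nuhe), the following script implements the same kind of rule over constructed sshd log lines: failed logins are counted per source address inside a sliding time window, addresses on an ignore list are never blocked, and the iptables action is only returned as a string, not executed. The threshold, window, sample addresses and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample sshd log lines in syslog format (not from a real host).
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
Jan 10 10:00:03 host sshd[102]: Failed password for root from 203.0.113.7 port 4002 ssh2
Jan 10 10:00:05 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Jan 10 10:00:06 host sshd[104]: Failed password for root from 192.0.2.10 port 4004 ssh2
Jan 10 10:00:08 host sshd[105]: Failed password for root from 192.0.2.10 port 4005 ssh2
Jan 10 10:00:09 host sshd[106]: Failed password for root from 192.0.2.10 port 4006 ssh2
Jan 10 10:00:11 host sshd[107]: Accepted publickey for alice from 198.51.100.5 port 4007 ssh2
Jan 10 10:09:00 host sshd[108]: Failed password for root from 198.51.100.9 port 4008 ssh2
Jan 10 10:25:00 host sshd[109]: Failed password for root from 198.51.100.9 port 4009 ssh2
Jan 10 10:41:00 host sshd[110]: Failed password for root from 198.51.100.9 port 4010 ssh2
"""

FAILED_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+"
)


def parse_failed(log_text):
    """Yield (timestamp, source ip) for each failed-password line; other lines are skipped."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%b %d %H:%M:%S"), m.group(2)


def analyze(log_text, threshold=3, window_seconds=600, ignore=("192.0.2.0/24",)):
    """Return the source IPs that reached `threshold` failures inside a sliding window.
    Events are keyed only by IP, and addresses inside an ignored network are never reported."""
    ignored = [ip_network(n) for n in ignore]
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    to_block = set()
    for ts, ip in parse_failed(log_text):
        if any(ip_address(ip) in net for net in ignored):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # expire old failures
            q.popleft()
        if len(q) >= threshold:
            to_block.add(ip)
    return to_block


def block_command(ip):
    """The iptables rule an action handler would run for a matched event (returned, not run)."""
    return f"iptables -I INPUT -s {ip} -j DROP"
```

With the defaults, only 203.0.113.7 is reported: 192.0.2.10 sits in the ignored network and 198.51.100.9 spreads its attempts 16 minutes apart, outside the 10 minute window, which is exactly the case a slow brute-force needs the window tuned for.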