llm-log-analyzer

A small Python script that uses a local LLM, such as ollama, to analyze text files given a prompt. Designed for log files.

https://github.com/stratosphereips/llm-log-analyzer

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (9.6%) to scientific vocabulary

Repository

Basic Info
  • Host: GitHub
  • Owner: stratosphereips
  • License: gpl-2.0
  • Language: Python
  • Default Branch: main
  • Size: 29.3 KB
Statistics
  • Stars: 6
  • Watchers: 3
  • Forks: 1
  • Open Issues: 0
  • Releases: 0
Created about 1 year ago · Last pushed about 1 year ago
Metadata Files
  • Readme
  • Contributing
  • License
  • Code of conduct
  • Citation
  • Security

README.md

LLM Log Analyzer

A simple Python program that reads a text file (designed for log files) and a prompt, and asks a local ollama server to analyze it.

Features

  • Contact local ollama

Install

```bash
python -m venv venv
source venv/bin/activate
python -m pip install -r requirements.txt
```

You also need ollama running on localhost.

Usage

```bash
python ./log-analyzer.py -f test-auth.log -c prompt.yaml
```

Example output

```bash
python ./log-analyzer.py -f test-auth.log -c prompt.yaml

============================================================

LLM RESPONSE:

Based on the syslog lines, suspicious and abnormal behavior is observed:

  1. Repeated occurrences of deprecated options "RSAAuthentication" and "RhostsRSAAuthentication" being reprocessed. This could indicate that the system's SSH configuration is not up-to-date or is being overwritten by an automated process.

  2. Successful login attempts for users 'project' and 'root' from unknown IP addresses (147.12.82.196, 221.10.11.111). The authenticity of these logins cannot be verified due to the deprecated authentication methods used.

  3. A successful public key authentication attempt for user 'dev' from a trusted IP address (8.8.8.8) using RSA SHA256 encryption. This is an acceptable behavior, as it indicates secure access via public key authentication.

However, malicious activity could also be inferred in the following lines:

  1. An anonymous connection closed by an unknown IP address (192.168.42.20). The reason for this closure is unclear.

  2. A failed password attempt from a different unknown IP address (221.10.11.111) and another known IP address that was expected to be authenticated successfully ('root' of 8.8.8.8), with the log noting "preauth" after the connection closure, possibly hinting at an external authentication mechanism like Kerberos or RDP.
```

About

This tool was developed at the Stratosphere Laboratory at the Czech Technical University in Prague.

Owner

  • Name: Stratosphere IPS
  • Login: stratosphereips
  • Kind: organization
  • Location: Prague

Cybersecurity Research Laboratory at the Czech Technical University in Prague. Creators of Slips, a free software machine learning-based behavioral IDS/IPS.

Citation (CITATION.cff)

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: "YOUR_NAME_HERE"
  given-names: "YOUR_NAME_HERE"
  email: youremailhere
  affiliation: >-
      Stratosphere Laboratory, AIC, FEL, Czech
      Technical University in Prague
  orcid: "https://orcid.org/0000-0000-0000-0000"
- family-names: "Lisa"
  given-names: "Mona"
  email: youremailhere
  affiliation: >-
      Stratosphere Laboratory, AIC, FEL, Czech
      Technical University in Prague
  orcid: "https://orcid.org/0000-0000-0000-0000"
title: "repository-template"
version: 1.0.0
doi: 10.5281/zenodo.1234
date-released: 2022-07-13
url: "https://github.com/stratosphereips/repository-template"

GitHub Events

Total
  • Watch event: 6
  • Push event: 10
  • Create event: 13
Last Year
  • Watch event: 6
  • Push event: 10
  • Create event: 13

Dependencies

.github/workflows/autotag.yml (GitHub Actions)
  • actions/checkout v2 (composite)
  • anothrNick/github-tag-action 1.36.0 (composite)
requirements.txt (pypi)
  • pyyaml * (unpinned)