Lightweight SIEM for Cyberdefense Competitions and smaller networks.
TLop503/LogCrunch
LogCrunch - Logs from Everywhere, Anywhere.

LogCrunch is a proto-SIEM that aggregates logs by parsing user-defined targets and schemas at runtime. Ingested logs are sent to a centralized stash where they can be queried and investigated. LogCrunch's primary goal is to undercut the computational requirements usually expected of a SIEM and minimize resource usage, with a focus on Collegiate Cyber Defense Competitions and homelabs.

LogCrunch is built for UNIX systems, but support for Windows is planned for future releases.

Notes

LogCrunch is a student project for my Honors undergraduate thesis. Issues and PRs are welcome, but please ask before attempting any major contributions, as they may need to wait until after my thesis defense. Feel free to reach out via GitHub issues or email me directly at tlop [at] tlop [dot] xyz. RFC 1149-compliant addresses available upon request.

Installation

Server (Must be Done First)

  1. Download and extract the latest release for your architecture.
  2. Generate or otherwise configure TLS certificates. Note the paths of the key and crt files.
  3. Choose whether to run the server as root or under a dedicated user.
    1. A dedicated user will need read and write access to /var/log/LogCrunch/* and /opt/LogCrunch/.
  4. Start the intake server, specifying each argument. Running the intake without arguments lists the up-to-date required parameters. You will need to pass in the paths to your TLS key and certificate, where to listen for logs, and where to serve the WebUI.
    1. Note that you may need to update your firewall to allow LogCrunch to receive data from the network.
  5. On the first startup, a randomized default password for the WebUI is printed to stdout. Upon first sign-in to the WebUI, you will need to change it to something unique before you can access the query interface. There are no hardcoded password requirements; use your best judgement for your environment.
  6. If you are locked out or otherwise unable to log in, delete the /opt/LogCrunch/users directory and restart the server.
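Step 2 leaves certificate generation to you, and the agent's option to verify TLS (see below) only helps if the certificate actually names the address agents dial. The following Go program is an added example, not LogCrunch's own code: it creates a self-signed ECDSA certificate and key for the intake server, puts every hostname or IP that agents will use into the SubjectAltName, writes the private key with 0600 permissions, and then checks the pair the way a server loading it and a verifying agent dialing it would. The output file names (server.crt, server.key), the example hostnames and the validity period are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"os"
	"path/filepath"
	"time"
)

// CertPaths records where the PEM files were written (assumed names: server.crt, server.key).
type CertPaths struct {
	Cert string
	Key  string
}

// GenerateSelfSigned writes a self-signed P-256 certificate and key into dir.
// hosts lists the DNS names and IP addresses agents will use to reach the intake
// server; each goes into the SubjectAltName so a verifying agent can match the
// address it dials. The key file is created 0600 so only the service user can read it.
func GenerateSelfSigned(dir string, hosts []string, validFor time.Duration) (CertPaths, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return CertPaths{}, err
	}
	// Random 128-bit serial, as CAs do, rather than a fixed value.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return CertPaths{}, err
	}
	tmpl := x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: "LogCrunch intake"},
		NotBefore:             time.Now().Add(-time.Hour), // tolerate small clock skew
		NotAfter:              time.Now().Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	for _, h := range hosts {
		if ip := net.ParseIP(h); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, h)
		}
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
	if err != nil {
		return CertPaths{}, err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return CertPaths{}, err
	}
	p := CertPaths{Cert: filepath.Join(dir, "server.crt"), Key: filepath.Join(dir, "server.key")}
	if err := writePEM(p.Cert, "CERTIFICATE", der, 0o644); err != nil {
		return CertPaths{}, err
	}
	if err := writePEM(p.Key, "EC PRIVATE KEY", keyDER, 0o600); err != nil {
		return CertPaths{}, err
	}
	return p, nil
}

// writePEM creates path with the given mode and writes one PEM block into it.
func writePEM(path, blockType string, b []byte, mode os.FileMode) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)
	if err != nil {
		return err
	}
	defer f.Close()
	return pem.Encode(f, &pem.Block{Type: blockType, Bytes: b})
}

// CheckPair loads the pair as a TLS server would (key must match the certificate)
// and then checks the certificate covers host, as a verifying agent dialing host would.
func CheckPair(p CertPaths, host string) error {
	pair, err := tls.LoadX509KeyPair(p.Cert, p.Key)
	if err != nil {
		return fmt.Errorf("load key pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return err
	}
	return leaf.VerifyHostname(host)
}

func main() {
	dir, err := os.MkdirTemp("", "logcrunch-tls")
	if err != nil {
		panic(err)
	}
	// Constructed example addresses for the intake server.
	p, err := GenerateSelfSigned(dir, []string{"siem.lab.internal", "10.0.0.5"}, 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("wrote", p.Cert, "and", p.Key)
	fmt.Println("pair OK for 10.0.0.5:", CheckPair(p, "10.0.0.5") == nil)
	fmt.Println("pair OK for other.example:", CheckPair(p, "other.example") == nil)
}
```

Pass the printed paths to the intake server's key and certificate arguments. If agents will connect by an address that is not in the hosts list, a verifying agent will reject the connection, and the usual workaround of disabling verification gives up the protection TLS was meant to provide; regenerate the certificate with the right names instead.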

Agent(s)

  1. Download and extract the latest release for your architecture.
  2. Write a targets.yaml configuration file specifying which logs to read and how to parse them. An example can be found on GitHub. Some parsing schemas are built in as well; these can be found in the MetaParser Registry.
  3. Start the agent, specifying arguments for the IP of the SIEM server, the intake port, the config path, and whether to verify the TLS certificates.

Automated Server Deployment, Dockerfiles, Etc.

Scripted installation methods are hosted in the utility repo.

Building from Source

  1. Install Go
  2. Clone the repository
  3. cd LogCrunch
  4. Compile both binaries with: go build -o LogCrunch-Server ./server; go build -o LogCrunch-agent ./agent
