What is Suricata?
"Your vigilant guardian in the digital world!"

Suricata Watcher

Suricata Watcher is a lightweight web dashboard built with HTML, CSS, JavaScript, and PHP, designed to quickly view and analyze logs generated by Suricata.

The tool reads directly from the Suricata eve.json log file and presents it in a browser-friendly view, allowing you to filter, search, and monitor events in real-time or near real-time.


✨ Features

  • ✅ Directly reads the eve.json file (NDJSON format)
  • ✅ Displays alerts in an easy-to-read table
  • ✅ Filter by severity, protocol, source/destination IP
  • ✅ Automatic or manual updates
  • ✅ Simple and lightweight interface, no heavy frameworks required

📦 Requirements

  • Debian packages: apt install apache2 php libapache2-mod-php
  • A web server with PHP enabled (local setups such as XAMPP, Apache, or Nginx with PHP-FPM work fine)
  • Read access for the web server user (www-data on Debian) to the eve.json file generated by Suricata; grant it through group membership on the log directory rather than making the file world-readable

🚀 Quick Start

  1. Copy the project files into your web server directory, e.g. git clone https://github.com/P1c1s/suricata-watcher/ /var/www/html (this also places the .git directory under the document root; deny access to it in the web server configuration or delete it after cloning)
  2. Modify DOMAIN in suricata.sh
  3. Modify define('BASE_URL', '<custom url>') in config/config.php
  4. Run ./suricata.sh

PHP classes

classDiagram
    class SuricataReader {
        - string token
        - string filePath
        + __construct(string token, string filePath)
        + setAuthentication(bool check = true) void
        + getLogs() array
        + getLogsJson() void
    }

    class SuricataAnalyzer {
        - array logs
        + __construct(array logs)
        + filterByEventType(string type) array
        + getValidEvents() array
        + getStats(string filePath) array
    }
    
    SuricataReader --> server : "get data"
    SuricataAnalyzer --> server : "analyze data"

JavaScript classes

classDiagram
    class SuricataClient {
        - string token
        - string endpoint
        - number refreshInterval
        + constructor(token, endpoint)
        + getLogs() Promise
        + getStats() Promise
        + startAutoRefresh(type, callback, intervalMs)
        + stopAutoRefresh()
    }

    class EveTable {
        - HTMLElement container
        - Array columns
        - Set visibleColumns
        - Object filters
        - number currentPage
        - number rowsPerPage
        - boolean autoRefreshActive
        + constructor(containerSelector, columns, rowsPerPage)
        + setAutoRefreshCallbacks(onStart, onStop)
        + render(data)
        - _formatDate(dateStr)
        - _getNestedValue(obj, path)
        - _filterData(data)
    }

    class EveCharts {
        - HTMLElement container
        - Object charts
        + constructor(containerId)
        + render(statsData)
    }

    SuricataClient --> EveTable : "get logs"
    SuricataClient --> EveCharts : "get stats"

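The two diagrams above split the work between a PHP reader/analyzer and a JavaScript client/table, but the core of both is the same: parse eve.json as NDJSON, filter by event type, severity, protocol and IP, aggregate counts for charts, and render fields into a table. The block below is an added example, not code from suricata-watcher, that carries out that pipeline end to end in plain JavaScript (Node). It uses Suricata's real EVE field names (event_type, src_ip, dest_ip, proto, alert.severity, alert.signature_id, dns.rrname); the log lines, function names and the escaping helper are constructed for illustration. It also handles two things a dashboard reading a live eve.json meets in practice: a truncated last line while Suricata is still writing, and attacker-influenced field values (DNS names, HTTP hosts and URLs, user agents) that must be escaped before they reach innerHTML.

```javascript
// Added example, not part of suricata-watcher. Field names follow Suricata's
// EVE JSON schema; all sample lines below are constructed for illustration.

// Constructed eve.json excerpt: one JSON object per line (NDJSON), with a
// blank line and a truncated final line, which is what a reader sees when it
// opens the file while Suricata is still appending to it.
const SAMPLE_EVE = [
  '{"timestamp":"2024-05-01T10:00:00.000001+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
  '{"timestamp":"2024-05-01T10:00:01.000002+0000","flow_id":2,"event_type":"dns","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.53","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"<b>www</b>.example.org","rrtype":"A"}}',
  '{"timestamp":"2024-05-01T10:00:02.000003+0000","flow_id":3,"event_type":"alert","src_ip":"203.0.113.9","src_port":4444,"dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":1}}',
  '',
  '{"timestamp":"2024-05-01T10:00:03.000004+0000","flow_id":4,"event_type":"alert","src_ip":"10.0.0.5","src_port":51240,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
  '{"timestamp":"2024-05-01T10:00:04.0',
].join('\n');

// Parse NDJSON line by line. A bad line (partial write, corruption) is
// counted and skipped instead of aborting the whole read.
function parseEve(text) {
  const events = [];
  let skipped = 0;
  for (const line of text.split('\n')) {
    const trimmed = line.trim();
    if (trimmed === '') continue;
    try {
      const ev = JSON.parse(trimmed);
      if (ev && typeof ev === 'object' && typeof ev.event_type === 'string') {
        events.push(ev);
      } else {
        skipped++;
      }
    } catch (err) {
      skipped++;
    }
  }
  return { events, skipped };
}

// Resolve a dotted path such as "alert.signature" (the role EveTable's
// _getNestedValue plays for column rendering).
function getNested(obj, path) {
  return path.split('.').reduce((cur, key) => (cur == null ? undefined : cur[key]), obj);
}

// Filters matching the dashboard's: event type, alert severity
// (1 is the highest priority in Suricata), transport protocol, and an IP
// that may appear as source or destination.
function filterEvents(events, { eventType, severity, proto, ip } = {}) {
  return events.filter((ev) => {
    if (eventType && ev.event_type !== eventType) return false;
    if (severity !== undefined && getNested(ev, 'alert.severity') !== severity) return false;
    if (proto && ev.proto !== proto) return false;
    if (ip && ev.src_ip !== ip && ev.dest_ip !== ip) return false;
    return true;
  });
}

// Aggregates for the charts: events per type, alerts per severity, and
// signatures ranked by hit count.
function getStats(events) {
  const byEventType = {};
  const alertsBySeverity = {};
  const bySignature = new Map();
  for (const ev of events) {
    byEventType[ev.event_type] = (byEventType[ev.event_type] || 0) + 1;
    if (ev.event_type === 'alert' && ev.alert) {
      const sev = ev.alert.severity;
      alertsBySeverity[sev] = (alertsBySeverity[sev] || 0) + 1;
      const sid = ev.alert.signature_id;
      const entry = bySignature.get(sid) || { signature_id: sid, signature: ev.alert.signature, count: 0 };
      entry.count++;
      bySignature.set(sid, entry);
    }
  }
  const topSignatures = [...bySignature.values()].sort((a, b) => b.count - a.count);
  return { total: events.length, byEventType, alertsBySeverity, topSignatures };
}

// Anything copied from the wire (dns.rrname, http.hostname, http.url, user
// agents, and alert.signature text from third-party rulesets) is influenced
// by whoever sends packets past the sensor. Escape it before it reaches
// innerHTML, otherwise the dashboard is a stored-XSS sink for the network.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function toTableRow(ev, columns) {
  const cells = columns.map((col) => {
    const v = getNested(ev, col);
    return `<td>${v === undefined ? '' : escapeHtml(v)}</td>`;
  });
  return `<tr>${cells.join('')}</tr>`;
}

// Usage: read the constructed excerpt the way the dashboard would read eve.json.
const sample = parseEve(SAMPLE_EVE);
console.log(`parsed ${sample.events.length} events, skipped ${sample.skipped} bad line(s)`);
console.log(filterEvents(sample.events, { eventType: 'alert', severity: 1 }).map((e) => e.alert.signature));
console.log(getStats(sample.events).topSignatures);
console.log(toTableRow(sample.events[1], ['timestamp', 'event_type', 'src_ip', 'dns.rrname']));
```

Run it with node; swap SAMPLE_EVE for fs.readFileSync('/var/log/suricata/eve.json', 'utf8') to try it on a real log. The skipped counter is worth surfacing in a dashboard: a steady trickle of one skipped line per refresh is the normal truncated tail, while a sudden jump means the file was rotated or corrupted.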
