Description
I would like to request support for monitoring custom text log files in EvlWatcher. Currently, EvlWatcher works well with Windows Event logs but doesn't seem to properly handle arbitrary text log files generated by various applications, which are crucial for comprehensive security monitoring on Windows systems.
Use Case
Many applications (proxy servers, web servers, databases, custom applications, etc.) write their logs to text files rather than Windows Event Log. These logs often contain valuable security information, such as:
- Failed login attempts
- Connection attempts from potentially malicious sources
- Unusual access patterns
- Brute force attacks
Being able to monitor these logs and automatically ban IPs showing suspicious behavior would greatly improve the security posture of Windows servers.
Proposed Solution
I suggest adding a robust task type for text log files with the following features:
- Ability to specify any text log file path directly
- Support for various log formats through configurable regex patterns
- Ability to extract IP addresses from different log formats
- Configurable thresholds for detection (e.g., ban after X matching entries within Y seconds)
- Multiple time window options for different security scenarios
- Support for log rotation and file changes
Benefits
This enhancement would:
- Extend EvlWatcher's protection beyond Windows Event Log
- Provide a unified security solution for all applications running on Windows
- Eliminate the need for multiple security tools or custom scripts
- Make EvlWatcher more competitive with solutions like fail2ban on Linux
Current Workarounds
I've attempted to use the existing task configuration with various settings like TextFileTask, CustomTextLogTask, etc., but encountered errors indicating these task types aren't properly supported.
Additional Information
- EvlWatcher version: 2.1.6.2
- OS: Windows 11
Thank you for considering this feature request. I believe it would significantly enhance EvlWatcher's capabilities and make it a more comprehensive security solution for Windows environments.
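To make the proposed text-log task concrete, here is an added example (not EvlWatcher code, and written in Python rather than the project's C# so the detection logic is easy to read and run). It shows the three pieces the proposal asks for: per-format regex patterns that extract a timestamp and an IP, a sliding-window threshold ("ban after X matching entries within Y seconds"), and a tailer that notices log rotation or truncation and keeps its ban counters across it. The log format names, the FORMATS table shape and all log lines are constructed for the example; EvlWatcher's real configuration looks different.

```python
"""Sketch of a text-log task: regex IP extraction, sliding-window threshold, rotation-aware tail."""
import os
import re
import tempfile
from collections import defaultdict, deque
from datetime import datetime

IPV4 = r"(?P<ip>(?:\d{1,3}\.){3}\d{1,3})"

# Assumed configuration shape: each named format is a regex with named groups
# 'ts' and 'ip', plus the strptime format for the timestamp group.
FORMATS = {
    "proxy-auth-failure": (
        re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*authentication failed .* from "
                   + IPV4 + r"$"),
        "%Y-%m-%d %H:%M:%S",
    ),
    "web-403": (  # Apache/nginx combined-style access log, 403 responses only
        re.compile(r"^" + IPV4 + r" - - \[(?P<ts>[^\]]+)\] \"[^\"]*\" 403 "),
        "%d/%b/%Y:%H:%M:%S %z",
    ),
}

# Constructed sample lines (not real logs). Three failures from 203.0.113.7 within
# 22 seconds, one from 198.51.100.2, and one benign line that must not match.
SAMPLE_LINES = [
    "2024-10-10 13:55:30 proxy[412]: authentication failed for user admin from 203.0.113.7",
    "2024-10-10 13:55:41 proxy[412]: authentication failed for user admin from 203.0.113.7",
    "2024-10-10 13:55:52 proxy[412]: authentication failed for user root from 203.0.113.7",
    "2024-10-10 13:56:03 proxy[412]: authentication failed for user guest from 203.0.113.7",
    "2024-10-10 13:56:10 proxy[412]: authentication failed for user admin from 198.51.100.2",
    "2024-10-10 13:58:00 proxy[412]: session opened for user bob from 192.0.2.9",
]
# Constructed lines written to the fresh file after a simulated rotation.
ROTATED_LINES = [
    "2024-10-10 13:56:20 proxy[412]: authentication failed for user admin from 198.51.100.2",
    "2024-10-10 13:56:30 proxy[412]: authentication failed for user admin from 198.51.100.2",
]


def parse_line(line, fmt_name):
    """Return (timestamp, ip) if the line matches the named format, else None."""
    regex, ts_fmt = FORMATS[fmt_name]
    m = regex.search(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), ts_fmt), m.group("ip")


class SlidingWindowCounter:
    """Ban rule: `threshold` matching entries from one IP within `window_seconds`."""

    def __init__(self, threshold, window_seconds):
        self.threshold, self.window = threshold, window_seconds
        self.hits = defaultdict(deque)  # ip -> timestamps still inside the window

    def record(self, ip, ts):
        q = self.hits[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > self.window:  # expire old entries
            q.popleft()
        return len(q) >= self.threshold


class RotatingTail:
    """Read only new lines; start from the top when the file is truncated or replaced."""

    def __init__(self, path):
        self.path, self.offset, self.inode, self.partial = path, 0, None, ""

    def read_new_lines(self):
        st = os.stat(self.path)
        if st.st_ino != self.inode or st.st_size < self.offset:  # rotated or truncated
            self.offset, self.inode, self.partial = 0, st.st_ino, ""
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            chunk = f.read()
            self.offset = f.tell()
        lines = (self.partial + chunk.decode("utf-8", errors="replace")).split("\n")
        self.partial = lines.pop()  # an unterminated last line waits for the rest
        return lines


def scan(tail, fmt_name, counter):
    """Feed new lines to the counter; return IPs that reached the threshold in this pass."""
    banned = []
    for line in tail.read_new_lines():
        parsed = parse_line(line, fmt_name)
        if parsed and counter.record(parsed[1], parsed[0]) and parsed[1] not in banned:
            banned.append(parsed[1])
    return banned


def demo(threshold=3, window_seconds=60):
    """Scan a temp log, rotate it, scan again. Returns (bans_before, bans_after_rotation)."""
    counter = SlidingWindowCounter(threshold, window_seconds)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "proxy.log")
        with open(path, "w", encoding="utf-8") as f:
            f.write("\n".join(SAMPLE_LINES) + "\n")
        tail = RotatingTail(path)
        first = scan(tail, "proxy-auth-failure", counter)
        os.replace(path, path + ".1")  # logrotate-style: move old file aside
        with open(path, "w", encoding="utf-8") as f:
            f.write("\n".join(ROTATED_LINES) + "\n")
        second = scan(tail, "proxy-auth-failure", counter)
    return first, second


if __name__ == "__main__":
    print(demo())
```

The counter is deliberately kept outside the tailer: rotation resets the file offset but not the per-IP history, so an attacker does not get a clean slate each time the log rolls over. Thresholds are evaluated on the timestamps inside the log lines rather than on wall-clock time, which keeps the result stable when a backlog of lines is processed at once.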