sentinel-logs-agent
v1.0.4
Lightweight cross-platform log collection agent for Sentinel-Logs SIEM - Works on Linux, Windows, macOS
# Sentinel-Logs Agent
Lightweight log collection agent for Sentinel-Logs SIEM. Works on Linux, Windows, and macOS.
## Features
- ✅ Cross-Platform - Linux, Windows, macOS
- ✅ Real-Time Monitoring - Watches log files for changes
- ✅ Offline Support - Caches logs when network unavailable
- ✅ Auto-Retry - Automatic reconnection and log transmission
- ✅ Low Resource Usage - Minimal CPU and memory footprint
- ✅ Secure - HTTPS with API key authentication
## Installation

### NPM (Recommended)

```bash
npm install -g sentinel-logs-agent
```

### From Source

```bash
git clone https://github.com/05tanish/sentinel-logs.git
cd sentinel-logs/Agent
npm install --production
```

## Quick Start
### 1. Configure

Create `config.json`:

```json
{
  "backendUrl": "https://your-siem-server.com",
  "apiKey": "your_agent_api_key",
  "source": "web-server-01",
  "logPaths": [
    "/var/log/auth.log",
    "/var/log/syslog"
  ]
}
```

### 2. Run

```bash
# Start agent
node index.js

# Or if installed via NPM
siem-agent start
```

### 3. Diagnose Connectivity (if issues)

```bash
# Test connection to backend
siem-agent-diagnose
```

This will test:
- Network connectivity
- Port accessibility
- Backend API health
- Authentication
- Log ingestion
## Configuration
| Parameter | Required | Description | Example |
|-----------|----------|-------------|---------|
| backendUrl | Yes | SIEM server URL | https://10.0.1.100 |
| apiKey | Yes | Agent API key | sentinel_key_abc123... |
| source | Yes | Unique agent identifier | web-server-01 |
| logPaths | Yes | Log files to monitor | ["/var/log/auth.log"] |
| retryInterval | No | Retry delay (ms) | 30000 (default) |
## Run as Service

### Linux (systemd)

```bash
sudo tee /etc/systemd/system/siem-agent.service > /dev/null <<EOF
[Unit]
Description=Sentinel-Logs Agent
After=network.target

[Service]
Type=simple
User=root
WorkingDirectory=/opt/sentinel-logs/Agent
ExecStart=/usr/bin/node index.js
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl enable siem-agent
sudo systemctl start siem-agent
```

### Windows (NSSM)

```powershell
# Install NSSM
choco install nssm

# Install service
nssm install SentinelAgent "C:\Program Files\nodejs\node.exe" "C:\sentinel-logs\Agent\index.js"
nssm start SentinelAgent
```

## Common Log Paths
### Linux

```text
/var/log/auth.log      # Authentication logs
/var/log/syslog        # System logs
/var/log/nginx/*.log   # Nginx logs
/var/log/apache2/*.log # Apache logs
```

### Windows

```text
C:\Windows\System32\winevt\Logs\Security.evtx
C:\inetpub\logs\LogFiles\W3SVC1\*.log
```

### macOS

```text
/var/log/system.log
/var/log/secure.log
```

## Verification
```bash
# Check agent status
sudo systemctl status siem-agent

# View logs
sudo journalctl -u siem-agent -f

# Test connectivity
curl -k https://your-siem-server/api/health
```

## Troubleshooting
### Agent shows "Backend offline"

```bash
# Test connectivity
curl -k https://your-siem-server/api/health

# Check firewall
sudo ufw status

# Verify API key
cat config.json | grep apiKey
```

### No logs being sent

```bash
# Check log file permissions
ls -la /var/log/auth.log

# Make readable
sudo chmod 644 /var/log/auth.log

# Restart agent
sudo systemctl restart siem-agent
```

### High CPU usage

Reduce the number of monitored files, or increase `retryInterval` in the config.
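The systemd unit in "Run as Service" runs the agent as root, and the "No logs being sent" step makes `/var/log/auth.log` world-readable. On Debian and Ubuntu that file is normally owned by `root:adm` with mode 0640, so a dedicated service account that has `adm` as a supplementary group can read it without changing its permissions. The unit below is an added example, not the project's own unit file: it keeps the documented `WorkingDirectory`, `ExecStart` and restart settings and adds standard systemd sandboxing. The `siem-agent` account name and the `/opt/sentinel-logs/Agent/cache` path for the offline cache are assumptions (the package page does not state where the agent stores cached logs; adjust `ReadWritePaths` to wherever yours writes).

```ini
# Added example (not the project's unit): least-privilege variant of the
# siem-agent.service shown under "Run as Service".
# Account name and cache path are assumptions; create the user first with
#   sudo useradd --system --no-create-home --shell /usr/sbin/nologin siem-agent
[Unit]
Description=Sentinel-Logs Agent (least-privilege unit)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# Dedicated account; adm is the group that owns auth.log and syslog on Debian/Ubuntu,
# so no chmod 644 on the log files is needed
User=siem-agent
Group=siem-agent
SupplementaryGroups=adm
WorkingDirectory=/opt/sentinel-logs/Agent
ExecStart=/usr/bin/node index.js
Restart=always
RestartSec=10
# Sandboxing: whole filesystem read-only except the directories listed below
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
# /var/lib/siem-agent is created and made writable for the service account
StateDirectory=siem-agent
# Assumed offline-cache location; the leading "-" makes a missing path non-fatal
ReadWritePaths=-/opt/sentinel-logs/Agent/cache

[Install]
WantedBy=multi-user.target
```

After installing the unit, `systemd-analyze security siem-agent.service` reports which of the sandboxing options are in effect, and `sudo -u siem-agent head -n1 /var/log/auth.log` confirms the account can read the file through the `adm` group before the agent is started.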
## Development

```bash
# Install dependencies
npm install

# Run in development
npm start

# Run tests
npm test
```

## API
### Heartbeat

```http
POST /api/agent/heartbeat
Content-Type: application/json
x-api-key: your-api-key

{
  "source": "agent-name",
  "hostname": "server-01",
  "platform": "linux",
  "status": "online"
}
```

### Log Submission

```http
POST /api/logs
Content-Type: application/json
x-api-key: your-api-key

{
  "source": "agent-name",
  "raw": "log message",
  "timestamp": "2024-01-01T12:00:00Z"
}
```
## Links

- GitHub: https://github.com/05tanish/sentinel-logs
- NPM: https://www.npmjs.com/package/sentinel-logs-agent
- Documentation: https://github.com/05tanish/sentinel-logs/wiki
- Issues: https://github.com/05tanish/sentinel-logs/issues
## License
MIT License - see LICENSE
Made with ❤️ for Security Professionals
