20ebe7240e
Feat: HTTP threat detection via ClickHouse views + simplified shutdown
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
New detection views (sql/views.sql):
- Host identification by IP/JA4 (view_host_identification, view_host_ja4_anomalies)
- POST brute-force detection and variable query params
- Header fingerprinting (order, missing modern headers, Sec-CH-UA)
- ALPN mismatch detection (h2 declared but HTTP/1.1 spoken)
- Rate limiting & burst detection (50 req/min, 20 req/10s)
- Path enumeration/scanning (sensitive paths)
- Payload attacks (SQLi, XSS, path traversal)
- JA4 botnet detection (same fingerprint across 20+ IPs)
- Correlation quality (orphan ratio >80%)
ClickHouse (sql/init.sql):
- ZSTD(3) compression on text fields (path, query, headers, ja3/ja4)
- Automatic TTL: 1 day (raw) + 7 days (http_logs)
- Setting ttl_only_drop_parts = 1
Simplified shutdown (internal/app/orchestrator.go):
- Removed ShutdownTimeout and the flush/wait logic
- Stop() = cancel() + Close() only
- systemd TimeoutStopSec handles forced termination if needed
File output toggle (internal/config/*.go):
- Added Enabled field to FileOutputConfig
- The file sink is only created if enabled && path != ''
- Tests: TestValidate_FileOutputDisabled, TestLoadConfig_FileOutputDisabled
RPM packaging (packaging/rpm/logcorrelator.spec):
- Changelog 1.1.18 → 1.1.22
- Removed logcorrelator-tmpfiles.conf (redundant with RuntimeDirectory=)
Cleanup:
- idees.txt → idees/ (directory)
- Removed 91.224.92.185.txt (example logs)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-11 18:28:07 +01:00
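The rate/burst and JA4 botnet rules listed in this commit, reimplemented in Go as an added example. This is not the project's code: the project evaluates these rules as ClickHouse views in sql/views.sql, which the page does not show. The Go version applies the same thresholds (20 req/10 s, 50 req/min, one JA4 fingerprint on 20+ IPs) over an in-memory slice so the logic can be read and run offline. The Record type, its field names, the fingerprint strings and the traffic sample are all constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Record is one parsed HTTP log row. The field names are assumptions: the page
// names the http_logs table but does not show its columns.
type Record struct {
	TS  time.Time
	IP  string // client source address
	JA4 string // TLS client fingerprint of the connection, "" if none
}

// Thresholds taken from the commit message.
const (
	BurstWindow  = 10 * time.Second // "20 req/10s"
	BurstMax     = 20
	MinuteWindow = time.Minute // "50 req/min"
	MinuteMax    = 50
	BotnetMinIPs = 20 // "same fingerprint across 20+ IPs"
)

// rateOffenders returns the client IPs that exceeded limit requests inside any
// sliding window of the given length. Records are sorted first so out-of-order
// delivery cannot hide a burst.
func rateOffenders(recs []Record, window time.Duration, limit int) []string {
	sorted := append([]Record(nil), recs...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].TS.Before(sorted[j].TS) })

	recent := map[string][]time.Time{} // per IP: timestamps still inside the window
	flagged := map[string]bool{}
	for _, r := range sorted {
		q := recent[r.IP]
		for len(q) > 0 && r.TS.Sub(q[0]) >= window { // expire the oldest entries
			q = q[1:]
		}
		q = append(q, r.TS)
		recent[r.IP] = q
		if len(q) > limit {
			flagged[r.IP] = true
		}
	}
	return sortedKeys(flagged)
}

// ja4Botnets returns every JA4 fingerprint seen from at least minIPs distinct
// source addresses, with the number of addresses: one TLS stack configuration
// spread across many clients is the signal the botnet view looks for.
func ja4Botnets(recs []Record, minIPs int) map[string]int {
	ipsByFP := map[string]map[string]struct{}{}
	for _, r := range recs {
		if r.JA4 == "" {
			continue
		}
		if ipsByFP[r.JA4] == nil {
			ipsByFP[r.JA4] = map[string]struct{}{}
		}
		ipsByFP[r.JA4][r.IP] = struct{}{}
	}
	hits := map[string]int{}
	for fp, ips := range ipsByFP {
		if len(ips) >= minIPs {
			hits[fp] = len(ips)
		}
	}
	return hits
}

func sortedKeys(m map[string]bool) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// sampleRecords builds a constructed traffic sample (not real logs):
//   - 10.0.0.5 sends 25 requests in 5 s: trips the 20-per-10s burst rule only
//   - 10.0.0.9 sends 55 requests one per second: trips the 50-per-minute rule only
//   - 25 addresses in 192.0.2.0/24 send one request each with the same JA4
func sampleRecords() []Record {
	base := time.Date(2026, 3, 11, 18, 0, 0, 0, time.UTC)
	var recs []Record
	for i := 0; i < 25; i++ {
		recs = append(recs, Record{base.Add(time.Duration(i) * 200 * time.Millisecond), "10.0.0.5", "t13d0000h2_aaaaaaaaaaaa_bbbbbbbbbbbb"})
	}
	for i := 0; i < 55; i++ {
		recs = append(recs, Record{base.Add(time.Duration(i) * time.Second), "10.0.0.9", "t13d0000h2_cccccccccccc_dddddddddddd"})
	}
	for i := 1; i <= 25; i++ {
		recs = append(recs, Record{base.Add(time.Duration(i) * time.Second), fmt.Sprintf("192.0.2.%d", i), "t13d0000h2_eeeeeeeeeeee_ffffffffffff"})
	}
	return recs
}

func main() {
	recs := sampleRecords()
	fmt.Println("burst (>20 req/10s):  ", rateOffenders(recs, BurstWindow, BurstMax))
	fmt.Println("rate  (>50 req/min):  ", rateOffenders(recs, MinuteWindow, MinuteMax))
	fmt.Println("JA4 shared by 20+ IPs:", ja4Botnets(recs, BotnetMinIPs))
}
```

The window here slides per request, so a burst is caught at the request that crosses the threshold. A view that buckets on fixed intervals is cheaper in ClickHouse but can split one burst across two buckets and miss it; that difference is worth remembering when comparing results from a view with results from an in-memory check like this one.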
9db6848757
fix: critical Keep-Alive correlation bug - network events evicted prematurely
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
- Fix cleanExpired() to use TTL map instead of event timestamp for B events
- Increase default correlation time window from 1s to 10s
- Increase default network TTL from 30s to 120s for long sessions
- Use payload timestamp for network events when available (fallback to now)
- Add comprehensive Keep-Alive tests (TTL reset, long session scenarios)
- Bump version to 1.1.7
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-03 16:32:48 +01:00
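The eviction bug this commit describes and its fix, side by side in Go as an added example. This is not the project's code: the page names cleanExpired() and a TTL map but shows neither, so the types, the field names, the client address and the 120 s replay are constructed. What the example shows is why a B (network) event aged by its own timestamp is lost partway through a Keep-Alive session while a TTL that is re-armed on every match keeps it, and that an idle entry still expires under the TTL map so the buffer cannot leak.

```go
package main

import (
	"fmt"
	"time"
)

// NetEvent is a "B" event (network-side observation of a client connection) and
// HTTPEvent an "A" event (one request logged on that connection). Both are keyed
// by the client address. Field names are assumptions; the page shows no types.
type NetEvent struct {
	Key string
	TS  time.Time // payload timestamp; zero means "not available"
}

type HTTPEvent struct {
	Key  string
	TS   time.Time
	Path string
}

// EvictionMode selects how cleanExpired ages B events.
type EvictionMode int

const (
	ByEventTimestamp EvictionMode = iota // pre-fix: age measured from the B event's own timestamp
	ByTTLMap                             // fix: age measured from the last time the entry was used
)

type Correlator struct {
	mode     EvictionMode
	ttl      time.Duration
	netByKey map[string]NetEvent
	expiry   map[string]time.Time // the TTL map: key -> instant after which the entry may go
	Orphans  int                  // A events that found no B event
}

func NewCorrelator(mode EvictionMode, ttl time.Duration) *Correlator {
	return &Correlator{mode: mode, ttl: ttl, netByKey: map[string]NetEvent{}, expiry: map[string]time.Time{}}
}

// AddNet buffers a B event, using the payload timestamp when present and the
// receive time otherwise, and arms its TTL.
func (c *Correlator) AddNet(ev NetEvent, now time.Time) {
	if ev.TS.IsZero() {
		ev.TS = now
	}
	c.netByKey[ev.Key] = ev
	c.expiry[ev.Key] = now.Add(c.ttl)
}

// Match correlates an A event with the buffered B event of the same key. A hit
// re-arms the TTL, so a Keep-Alive connection that keeps sending requests is
// never evicted while it is in use.
func (c *Correlator) Match(ev HTTPEvent, now time.Time) (NetEvent, bool) {
	b, ok := c.netByKey[ev.Key]
	if !ok {
		c.Orphans++
		return NetEvent{}, false
	}
	c.expiry[ev.Key] = now.Add(c.ttl)
	return b, true
}

// cleanExpired evicts aged B events and returns how many it dropped. In
// ByEventTimestamp mode a connection opened at T is always gone by T+ttl, no
// matter how recently it was matched; that is the bug. In ByTTLMap mode the
// expiry map is authoritative, so only idle entries age out.
func (c *Correlator) cleanExpired(now time.Time) int {
	dropped := 0
	for key, b := range c.netByKey {
		var expired bool
		if c.mode == ByEventTimestamp {
			expired = now.Sub(b.TS) >= c.ttl
		} else {
			expired = !now.Before(c.expiry[key])
		}
		if expired {
			delete(c.netByKey, key)
			delete(c.expiry, key)
			dropped++
		}
	}
	return dropped
}

// keepAliveSession replays a constructed long session: one network event when
// the connection opens, then a request every 30 s for 5 minutes, with
// cleanExpired run before each request. It returns matched and orphaned counts.
func keepAliveSession(mode EvictionMode, ttl time.Duration) (matched, orphans int) {
	t0 := time.Date(2026, 3, 3, 16, 0, 0, 0, time.UTC)
	key := "198.51.100.7:51234" // constructed client address
	c := NewCorrelator(mode, ttl)
	c.AddNet(NetEvent{Key: key, TS: t0}, t0)
	for i := 1; i <= 10; i++ {
		now := t0.Add(time.Duration(i) * 30 * time.Second)
		c.cleanExpired(now)
		if _, ok := c.Match(HTTPEvent{Key: key, TS: now, Path: fmt.Sprintf("/poll/%d", i)}, now); ok {
			matched++
		}
	}
	return matched, c.Orphans
}

// idleConnectionEvicted checks that the TTL map still expires a connection that
// never sends a request. The event carries no payload timestamp, so AddNet
// falls back to the receive time.
func idleConnectionEvicted(ttl time.Duration) bool {
	t0 := time.Date(2026, 3, 3, 16, 0, 0, 0, time.UTC)
	c := NewCorrelator(ByTTLMap, ttl)
	c.AddNet(NetEvent{Key: "198.51.100.8:40000"}, t0)
	return c.cleanExpired(t0.Add(ttl)) == 1
}

func main() {
	for _, m := range []EvictionMode{ByEventTimestamp, ByTTLMap} {
		matched, orphans := keepAliveSession(m, 120*time.Second)
		fmt.Printf("mode %d: matched=%d orphans=%d\n", m, matched, orphans)
	}
}
```

With the 120 s default TTL from this commit, the pre-fix mode correlates only the first three requests of the replayed session and orphans the remaining seven; the TTL-map mode correlates all ten. The same 120 s still removes the idle connection, which is the property to keep an eye on whenever a TTL is reset on use.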
24aa84bd9c
test: add comprehensive tests to improve coverage
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
- observability: added tests for LogLevel.String(), Warn(), Warnf(), Infof(),
Debugf(), Error(), WithFields(), and concurrent access patterns
- file: added tests for Reopen(), Close(), empty/whitespace paths,
validateFilePath allowed/rejected paths, concurrent writes, Flush(),
and marshal errors
- config: added tests for TimeWindowConfig.GetDuration(),
CorrelationConfig getters, validation scenarios (no inputs, no outputs,
duplicate sockets, ClickHouse validation), and LogConfig.GetLevel()
Coverage improvements:
- observability: 57.7% → 79.5%
- file: 68.6% → 78.6%
- config: 69.8% → 97.7%
- total: 68.6% → 74.4%
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-02 22:52:09 +01:00
324b0042f8
fix(rpm): example config in /etc/logcorrelator + socket permissions 0666
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
- Install logcorrelator.yml.example to /etc/logcorrelator/ instead of /usr/share/logcorrelator/
- Change default socket permissions from 0660 to 0666 (world read/write)
- Bump version to 1.1.2
- Remove CHANGELOG.md
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-02 22:07:50 +01:00
27c7659397
fix: strengthen A/B correlation and stdout/file outputs
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
Co-authored-by: aider (openrouter/openai/gpt-5.3-codex) <aider@aider.chat>
2026-03-01 12:10:17 +01:00
a3ae5421cf
chore: version 1.0.7 - add log levels
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
- Add configurable log levels: DEBUG, INFO, WARN, ERROR
- Replace debug.enabled with log.level in configuration
- Add Warn/Warnf methods for warning messages
- Log orphan events and buffer overflow as WARN
- Log parse errors as WARN
- Log raw events and correlations as DEBUG
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 02:33:04 +01:00
56c2923121
chore: version 1.0.6 - simplify YAML configuration
Build and Test / test (push) Has been cancelled
Build and Test / build (push) Has been cancelled
Build and Test / docker (push) Has been cancelled
- Remove service.name and service.language (unused)
- Remove enabled flags on outputs (presence = enabled)
- Simplify correlation config: time_window_s (integer) instead of nested object
- Simplify orphan_policy to emit_orphans boolean
- Rename apache socket to http.socket
- Add socket_permissions option for unix sockets (default: 0660)
- Update tests for new configuration format
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 01:59:59 +01:00
180c57c35b
chore: release v1.0.2 with critical fixes and test improvements
- fix: add missing ClickHouse driver dependency
- fix: resolve race condition in orchestrator (single goroutine per source)
- feat: add explicit source_type config for Unix socket sources
- test: improve coverage from 50.6% to 62.0%
- docs: add CHANGELOG.md with release notes
- build: update version to 1.0.2 in build scripts and Dockerfiles
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 21:45:00 +01:00
f4d95eed41
test: update config tests for YAML format
- Replace custom directive tests with YAML-based tests
- Test valid YAML config loading
- Test invalid YAML handling
- Test default values with partial YAML config
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-27 15:54:13 +01:00
8fc14c1e94
Initial commit: logcorrelator with unified packaging (DEB + RPM using fpm)
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-27 15:31:46 +01:00