web-traffic-anomaly-detector
The Web Traffic Anomaly Detector is a Ruby on Rails application designed to monitor web traffic logs and detect anomalies such as high traffic from a single IP address or unusual request patterns. The project aims to help identify potential issues like bot attacks, unauthorized access, or other irregular activities in web server traffic. WIP
Web Traffic Anomaly Detector - Backend
The Web Traffic Anomaly Detector is a Ruby on Rails application designed to monitor web traffic logs and detect anomalies such as high traffic from a single IP address or unusual request patterns. The project aims to help identify potential issues like bot attacks, unauthorized access, or other irregular activities in web server traffic.
Features
- Log Monitoring: Collect and store web server logs (e.g., Apache, Nginx) in a PostgreSQL database.
- Anomaly Detection: Identify anomalies such as sudden traffic spikes, repetitive requests, or suspicious IP addresses using simple rules-based logic.
- Alerts and Reports: Notify users when anomalies are detected and provide basic reports on detected anomalies.
- Background Processing: Utilize background jobs with Sidekiq or Rails' built-in Active Job for asynchronous log processing.
- User Interface: A simple web UI to display logs, detected anomalies, and basic traffic visualizations using Chartkick or D3.js.
Technologies Used
- Backend: Ruby on Rails
- Database: PostgreSQL
- Background Jobs: Sidekiq or Rails Active Job
- Log Parsing: Logstash or custom Ruby scripts
- Data Visualization: Chartkick or D3.js
- Web Server: Apache or Nginx (for generating logs)
Getting Started
Prerequisites
- Ruby (version 3.0 or above)
- Rails (version 7.0 or above)
- PostgreSQL (version 13 or above)
- Redis (if using Sidekiq for background jobs)
- Apache or Nginx (for log generation)
Installation
-
Clone the Repository:
git clone https://github.com/your-username/web-traffic-anomaly-detector.git cd web-traffic-anomaly-detector -
Install Dependencies:
bundle install -
Set Up Database:
Create and migrate the database:
rails db:create rails db:migrate -
Configure Web Server:
Set up Apache or Nginx on your local machine to generate logs. Ensure logs are accessible by your Rails application for ingestion.
-
Start the Rails Server:
rails server
Running Background Jobs
Setup Redis, Sidekiq
sudo apt update
sudo apt install redis-server
sudo systemctl start redis-server
sudo systemctl status redis-server
gem 'sidekiq'
bundle exec sidekiq
Configuration
config/initializers/sidekiq.rb
config/application.rb
Set Up Apache Web Server
- Create an Apache configuration file for the web server. Save this as web_server_test.conf in /etc/apache2/sites-available/
sudo a2ensite web_server_test.conf
sudo systemctl reload apache2
-
Create a sample HTML file for testing in /path/to/your/workspace/web_server_test/html/index.html
-
Create Log Parsing Script Create a log parsing script in lib/log_parsers/parse_logs.rb:
Setup background jobs with sidekiq
rails generate job AnomalyDetection
bundle exec sidekiq
Alerts and Notifications
- Create Mailer
rails generate mailer AnomalyMailer
- Configure Email Settings
config/environments/development.rb
- Develop Alert Templates
app/views/anomaly_mailer/anomaly_alert.html.erb
- Integrate Alerts with Detection
app/services/anomaly_detector.rb
- Testing
anomaly = Anomaly.first
AnomalyMailer.anomaly_alert(anomaly).deliver_now