MasterParser: The Ultimate DFIR Tool for Analyzing Linux Logs

Today, let’s dive into a little gem in the DFIR (Digital Forensics and Incident Response) world called MasterParser. This tool, designed by Eilay Yosfan, a Threat Researcher at Security Joes, takes your Linux logs and analyzes them to extract all the crucial security information. It’s incredibly handy for forensic investigations and incident response.

Imagine you’re peacefully monitoring your screens when—bam—an intrusion alert pops up on one of your Linux servers! Don’t panic; MasterParser has got you covered. Just feed it your logs, and it handles the rest.

In just a few seconds, it identifies all the important events, like SSH connections, account creations, password changes, etc., and produces a neatly summarized report with tables and stats.

No more hours spent manually combing through logs like a newbie—MasterParser does the job for you, and it does it well. If you want to see it in action, check out the project’s GitHub page; you won’t be disappointed. There are even sample reports to give you an idea. And the cherry on top—it’s open source!

Initially, the project was called AuthLogParser and focused on auth.log files. But after its success, Eilay decided to expand it, renaming it MasterParser to make it a more general tool capable of handling various log types.

Now, let’s get practical. How do you use this awesome tool?

  1. Clone the MasterParser GitHub repo or download the zip file.
  2. Extract the MasterParser-main folder to your desktop.
  3. Open PowerShell and navigate to the MasterParser-main folder: cd "C:\Users\user\Desktop\MasterParser-main\"
  4. To view the command menu, type: .\MasterParser.ps1 -O Menu
  5. Place your Linux log files in the 01-Logs folder.
  6. Start the analysis with the command: .\MasterParser.ps1 -O Start

And there you have it—a clean and clear log analysis report in just a few clicks. Say goodbye to wading through endless logs, and with this, you’ll be a Linux DFIR pro in no time.
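MasterParser itself is a PowerShell script, so the following Python snippet is an added illustration written for this post, not code from the project: on a few constructed auth.log lines it shows the kind of extraction and summary the tool automates (accepted SSH logins, failed attempts per source address, account creation, password changes, sudo use). The regex patterns, event names and sample lines are assumptions of this example, not MasterParser's own.

```python
import re
from collections import Counter

# Constructed sample auth.log lines (not real data) covering the event types
# the article mentions: SSH connections, account creation, password changes.
SAMPLE_AUTH_LOG = """\
Jan 12 10:15:01 web01 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Jan 12 10:16:44 web01 sshd[1210]: Failed password for invalid user admin from 203.0.113.7 port 4444 ssh2
Jan 12 10:16:47 web01 sshd[1210]: Failed password for invalid user admin from 203.0.113.7 port 4446 ssh2
Jan 12 10:17:02 web01 sshd[1215]: Accepted password for root from 203.0.113.7 port 4450 ssh2
Jan 12 10:18:30 web01 useradd[1300]: new user: name=backup, UID=1002, GID=1002, home=/home/backup, shell=/bin/bash
Jan 12 10:18:35 web01 passwd[1302]: pam_unix(passwd:chauthtok): password changed for backup
Jan 12 10:19:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
"""

# Event patterns assumed for this example; the capture groups become the details.
PATTERNS = {
    "ssh_accepted": re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port"),
    "ssh_failed": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"),
    "user_added": re.compile(r"useradd\[\d+\]: new user: name=([^,]+),"),
    "password_changed": re.compile(r"passwd\[\d+\]: .*password changed for (\S+)"),
    "sudo": re.compile(r"sudo:\s+(\S+) : .*COMMAND=(.+)$"),
}

def parse_auth_log(text):
    """Return a list of (event_type, captured_details) tuples, one per matched line."""
    events = []
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                events.append((kind, m.groups()))
                break  # first matching pattern wins; unmatched lines are skipped
    return events

def summarize(events):
    """Build the counts a report would table: events per type, failures per source IP,
    and the set of accounts that had a successful SSH login."""
    by_type = Counter(kind for kind, _ in events)
    failed_by_ip = Counter(d[1] for kind, d in events if kind == "ssh_failed")
    accepted_users = sorted({d[1] for kind, d in events if kind == "ssh_accepted"})
    return {"by_type": dict(by_type), "failed_by_ip": dict(failed_by_ip),
            "accepted_users": accepted_users}

if __name__ == "__main__":
    report = summarize(parse_auth_log(SAMPLE_AUTH_LOG))
    for kind, count in report["by_type"].items():
        print(f"{kind:18} {count}")
    print("failed logins by source:", report["failed_by_ip"])
```

Note that the sample deliberately pairs a burst of failed root/admin guesses from one address with a later accepted root login from the same address, which is exactly the kind of sequence a summary table makes visible at a glance.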

Mohamed SAKHRI

I'm the creator and editor-in-chief of Tech To Geek. Through this little blog, I share with you my passion for technology. I specialize in various operating systems such as Windows, Linux, macOS, and Android, focusing on providing practical and valuable guides.
