OpenCanary

Welcome to the OpenCanary guide.

OpenCanary is a daemon that runs canary services, which trigger alerts when (ab)used. The alerts can be sent to a variety of sources, including syslog, emails and a companion daemon opencanary-correlator.

The Correlator coalesces multiple related events (eg. individual brute-force login attempts) into a single alert sent via email or SMS.

Getting Started

The first section will get you quickly up and running with canary services sending alerts.

• OpenCanary
• Configuration
• Correlator

Services

Try these out in the OpenCanary configs for more typical server personalities.

• Linux Web Server
• Windows Server
• MySQL Server
• MSSQL Server

Alerting

Getting Started walks through two different ways to configure alerting: logging directly to a file, and sending alerts to the Correlator for email and SMS alerts. Other possibilities are below:

• Email Alerts
  • Send to a GMail address
  • Send with SMTP authentication
• HPFeeds

Indices and tables

• Index
• Module Index
• Search Page