
Security Information and Event Management

K. Sabitha, Aashik Harishwar M L, Jeeva K, Nivash M, Prasannaraj R, Sam Britto M

Abstract


Traditional Security Information and Event Management (SIEM) systems, while powerful, often come with high resource demands, complex configurations, and significant licensing costs, making them less suitable for small organizations and individual users. Siemstress is a lightweight, command-line-based SIEM solution designed to address these challenges by providing essential SIEM functionalities in a modular and resource-efficient manner. Developed in Python, Siemstress comprises multiple CLI tools that support log parsing, event querying, alert triggering, and rule management. It utilizes simple configuration files and a relational database backend to ensure flexibility and extensibility. Siemstress employs helper configurations and parsing sections to extract structured data from unstructured log files, enabling efficient event storage and retrieval. The system is particularly well-suited for Unix/Linux-based environments and can be seamlessly integrated with existing logging infrastructures. Its open and modular design allows users to customize parsing rules, define alert conditions, and manage event data without relying on external analytics engines or cloud services. With minimal system requirements and no graphical interface, Siemstress is ideal for deployment in resource-constrained environments such as Raspberry Pi devices or low-end servers. This project aims to democratize access to SIEM capabilities by offering a simple, transparent, and easily configurable alternative to commercial solutions. Experimental results demonstrate that Siemstress can effectively detect and report common security incidents, including failed SSH login attempts and suspicious activity patterns. In conclusion, Siemstress presents a viable and scalable solution for lightweight, command-line-driven security monitoring, offering both practical utility and extensibility for future enhancements.




