Real-time terminal-based intrusion detection for your web servers.

CLI
3,080 stars

README

Project documentation from GitHub

Real-Time Threat Hunting in Your Terminal with Teler

Ever feel like you're flying blind when it comes to attacks on your web applications? Logs are great for post-mortems, but by the time you sift through them, the damage might already be done. What if you could see malicious traffic as it happens, right in your terminal?

That's the gap teler fills. It's an open-source intrusion detection system that runs alongside your web server, analyzing logs in real time to alert you about common web-based threats. No complex dashboards, no external services—just immediate, actionable alerts where you're already working.

What It Does

Teler is a real-time threat detection tool for your web server logs. You run it as a companion process to applications like Nginx, Apache, or even your custom Go server. It ingests log entries as they are written and checks each request against a set of security rules and threat intelligence feeds.

When it detects something suspicious—like a path traversal attempt, SQL injection payload, or a request from a known malicious IP—it prints a detailed alert directly to your terminal or a designated output. It's like having a dedicated security guard watching your access logs, tapping you on the shoulder the moment something sketchy happens.

Why It's Cool

The real charm of teler is its simplicity and immediacy. It's built for developers who want clarity without overhead.

  • Real-Time, Not Retroactive: You're notified of attacks as they occur, which gives you a chance to block an ongoing brute-force attack or scanning campaign before it completes.
  • Terminal-First Design: The alerts are designed for readability in a terminal. You get a clear, color-coded breakdown of the threat type, the offending request, and the matched pattern, all without leaving your command line.
  • Extensible and Customizable: It comes with a solid set of default threat patterns (common OWASP Top 10 stuff, bad bots, scrapers), but you can easily define your own custom rules using regular expressions or substring matching to catch patterns specific to your application.
  • Lightweight and Portable: It's a single binary written in Go. You can run it anywhere your web server runs, from your local dev machine to a production VPS, without a heavy installation process.
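
To make the custom-rule idea above concrete, here is an added sketch (not teler's code and not its rule schema) of checking each access-log line against a substring rule and a regular-expression rule. The Rule type, the rule names and the log lines are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Rule is a hypothetical custom rule (not teler's schema): set Substr or Re.
type Rule struct {
	Name, Substr string
	Re           *regexp.Regexp
}

// targetRe pulls the request target out of a combined-format access log line.
var targetRe = regexp.MustCompile(`"[A-Z]+ (\S+) HTTP/[0-9.]+"`)

// Match returns the names of the rules that fire on one log line. The target
// is percent-decoded first so an encoded path is matched like its plain form.
func Match(line string, rules []Rule) []string {
	m := targetRe.FindStringSubmatch(line)
	if m == nil {
		return nil // not a parseable request line
	}
	target := m[1]
	if dec, err := url.PathUnescape(target); err == nil {
		target = dec
	}
	var hits []string
	for _, r := range rules {
		if (r.Re != nil && r.Re.MatchString(target)) || (r.Substr != "" && strings.Contains(target, r.Substr)) {
			hits = append(hits, r.Name)
		}
	}
	return hits
}

// Constructed rules and log lines, for illustration only.
var sampleRules = []Rule{
	{Name: "internal-export", Substr: "/internal/export"},
	{Name: "dotfile-probe", Re: regexp.MustCompile(`(^|/)\.(env|git)(/|$|\?)`)},
}
const sampleLog = `203.0.113.7 - - [30/Dec/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [30/Dec/2025:10:00:01 +0000] "GET /%2Eenv HTTP/1.1" 404 153 "-" "curl/8.0"
198.51.100.9 - - [30/Dec/2025:10:00:02 +0000] "POST /internal/export?all=1 HTTP/1.1" 403 0 "-" "-"`

func main() { // read os.Stdin instead when piping from tail -f
	for _, line := range strings.Split(sampleLog, "\n") {
		if hits := Match(line, sampleRules); len(hits) > 0 {
			fmt.Println(hits, line)
		}
	}
}
```

The second sample line only matches because the target is decoded before the rules run; a rule applied to the raw log text would miss `%2Eenv`.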

How to Try It

Getting started is straightforward. The quickest way is with go install:

go install github.com/teler-sh/teler@latest

You can then run it by piping your web server's access logs into it. For example, with Nginx:

tail -f /var/log/nginx/access.log | teler -c /path/to/teler.yaml

The

Last updated: Dec 30, 2025