Contributing to LogReaper

Thanks for your interest in contributing to LogReaper! Whether it's a bug fix, new feature, detection pattern, or documentation improvement — all contributions are welcome.

Getting Started

Prerequisites

  • GCC or Clang (C11 support)
  • GNU Make
  • Linux environment (LogReaper targets Linux log formats)
  • Git

Build from Source

git clone https://github.com/bad-antics/nullsec-logreaper.git
cd nullsec-logreaper
make
./logreaper --help

Build Options

make DEBUG=1        # Debug build with symbols
make STATIC=1       # Static binary (no shared lib dependencies)

How to Contribute

1. Bug Reports

  • Use the Bug Report template
  • Include your OS/distro, GCC version, and the log file (or sanitized excerpt) that triggered the issue
  • Paste the full error output

2. Feature Requests

3. New Detection Patterns

LogReaper's value comes from its detection patterns. To add new ones:

  1. Identify the log format and threat category
  2. Write a POSIX-compatible regex pattern
  3. Test against real or realistic log samples
  4. Submit a PR with:
    • The pattern added to the appropriate category in src/main.c
    • A sample log line that triggers it (in PR description)
    • False positive testing notes
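
Steps 3 and 4 can be checked with a small harness before the PR is opened. The following is an added example, not LogReaper's own code: the candidate pattern, the `count_mismatches` helper and the sample log lines are hypothetical and constructed for illustration.

```c
/* Added example: standalone harness, not part of LogReaper's source. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* expose regcomp() under -std=c11 */
#endif
#include <regex.h>
#include <stdio.h>

/* Hypothetical candidate pattern (POSIX ERE): SSH password failures. */
static const char *CANDIDATE =
    "sshd\\[[0-9]+\\]: Failed password for (invalid user )?[^ ]+ "
    "from [0-9]{1,3}(\\.[0-9]{1,3}){3} port [0-9]+";

struct sample { const char *line; int should_match; };

/* Constructed log lines; addresses are from documentation ranges. */
static const struct sample SAMPLES[] = {
    {"Jan 10 03:14:07 host1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2", 1},
    {"Jan 10 03:14:09 host1 sshd[2211]: Failed password for root from 192.0.2.10 port 51236 ssh2", 1},
    {"Jan 10 03:15:00 host1 sshd[2290]: Accepted password for alice from 198.51.100.7 port 40022 ssh2", 0},
    {"Jan 10 03:16:12 host1 sudo: alice : command not allowed ; COMMAND=/bin/cat Failed password for notes", 0},
};

/* Returns how many samples disagree with should_match (false positives
 * plus misses), or -1 if the pattern does not compile as POSIX ERE. */
int count_mismatches(const char *pattern, const struct sample *s, size_t n)
{
    regex_t re;
    int bad = 0;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        int hit = regexec(&re, s[i].line, 0, NULL, 0) == 0;
        if (hit != s[i].should_match) {
            printf("%s: %s\n", hit ? "FALSE POSITIVE" : "MISSED", s[i].line);
            bad++;
        }
    }
    regfree(&re);
    return bad;
}

int main(void)
{
    size_t n = sizeof SAMPLES / sizeof SAMPLES[0];
    int bad = count_mismatches(CANDIDATE, SAMPLES, n);
    printf("%d mismatch(es) over %zu samples\n", bad, n);
    return bad != 0;
}
```

Compile with `gcc -std=c11 -Wall -Wextra`; a non-zero exit status means at least one sample was misclassified, and the printed lines can go straight into the false positive testing notes.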

4. Code Changes

  1. Fork the repo
  2. Create a feature branch: git checkout -b feat/my-feature
  3. Make your changes
  4. Ensure it compiles cleanly: make clean && make
  5. Test with sample log files
  6. Commit with a clear message: git commit -m "feat: add syslog-ng parser support"
  7. Push and open a PR

Commit Message Format

We follow Conventional Commits:

feat: add new detection pattern for CVE-2024-XXXX
fix: buffer overflow in timeline output with long hostnames
docs: update install instructions for ARM64
refactor: split parser into separate module

Code Style

  • C11 standard (-std=c11)
  • 4-space indentation
  • snake_case for functions and variables
  • UPPER_CASE for constants and macros
  • Comments for non-obvious logic
  • Keep functions under 50 lines where possible
  • No compiler warnings with -Wall -Wextra

Testing

Currently LogReaper doesn't have automated tests (contributions welcome! — see issue #). To manually test:

# Test against system logs
sudo ./logreaper /var/log/syslog

# Test with verbose output
./logreaper -v /var/log/auth.log

# Test JSON output
./logreaper -j /var/log/kern.log

# Test live monitoring
./logreaper -f /var/log/syslog

License

By contributing, you agree that your contributions will be licensed under the MIT License.