Heads up, Echofish got a major feature boost release

Hi everyone,

We've been working hard over the last couple of months for a new release of Echofish and boy do we have a release for you, keep on reading ...


The Syslog view got a facelift along with some extra operations, as shown in the following screenshot.

Echofish Syslog view screenshot


The major addition to this release is the Abuser module, which allows you to extract IP's from messages (such as SASL authentication failures) and keep track of the IP Incidents and their Evidence.

Echofish Abuser Incidents view screenshot

We use this module internally (@Echothrust) for some time now in order to track and block spam attempts, general brute force attempts, range scans (zmap anyone?), persistent threats (such as returning scanners/spammers/"researchers") and all that from multiple sources and networks. The following screenshot demonstrates the correlation of an Abuser IP over different messages.

Echofish Abuser Incident Evidence view screenshot

v0.4 Changelog

Here is a "short" list of features and bug fixes that you will notice with this new version of Echofish.

  • Seperate database configuration from main config (config/main.php=>config/db.php) HEADS-UP
  • Access control rules consistency across all controller actions (CRITICAL)
  • Add action "Create Abuser Trigger from syslog entry" on Syslog grid
  • Introduce Hosts module under settings
  • Introduced initial CLI interface to interact with Echofish (reports generation and submission through mail, and initial export functionality of abuser IP's into OpenBGP communities).
  • Add dynamic / configurable page size for all manage operations
  • Corrected the links on the front page to point to the right places
  • Added version number on the footer so everyone knows what it runs
  • Added Facilities & Severities options on Syslog menu
  • Introduced Help mechanism (and their documentation) on all modules
  • Change syslog grid layout into full width, added bulk operations, and permanent header (TbExtendedGrid)
  • Reset filters on syslog grid after mass acknowledge operations
  • Added colored labels on severities
  • Make facility & severity also a link for filtering on syslog and archive views
  • Introduce Export/Import whitelist for backup purposes
  • Introduce Export/Import of abuser triggers for backup purposes
  • On view Abuser Incident made the syslog server a link and added tooltip for the short name of the system
  • On view Abuser Incident added ajax operation "Whois Abuser IP"
  • On view Abuser Incident added ajax operation "Check through DNSBL" to check the abuser IP against DNSBL services
  • Introduced syslog Hosts management under Settings menu
  • Introduced the ability to automatically add hosts as soon as we start receiving messages.
  • Introduce operation Resolve All in view Hosts to try and resolve all the syslog hosts through DNS
  • Corrected broken links and removed obsolete operations from all over the place
  • Make consistent layouts for the admin operations
  • On abuser reset/zero out counters also clear the evidence that links to syslog
  • Removed Advanced Search option from all Admin Grids

Where do I get it?

You can download and test the new release from our Github Echofish Repo.

Hope you enjoyed this sneak peak into the new features of Echofish.

Stay tuned