analyzer-d4-log polls this queue periodically to produce counts and statistics of the data. At the moment, only sshd logs are supported but more will come in the future.
# SSHD log analysis
## Output generation
Every once in a while, analyzer-d4-log compiles the result into a svg images and csv files. It will also produce a minimalist webpage to navigate the data with a datarangepicker.;
![](assets/analyzer-d4-log.png)
## MISP export
I addition to this graphical view, the repository contains a MISP_export folder that allows for the publication of a MISP feed of daily events. It compiles the TOP 100 usernames and sources seen in ssh login failure by D4 sensors.
![](assets/dailyMISPevent.png)
![](assets/d4_auth_MISPobject.png)
Since MISP 2.4.128, MISP can conveniently display this data through specialized widgets.