Log Analyzer

Analyze logs to detect suspicious activity and security events.

How analysis works

  • Parsing and normalization: Attempts to extract timestamp, host, service, level, IP, and username. For web logs, it also extracts method, path, and status. Every line is always preserved as raw text.
  • Rule-based detection: Runs a deterministic set of rules covering authentication attacks, web probing, privilege escalation, persistence, malware indicators, and scanning patterns.
  • Correlation windows: Detects bursts over short time windows, such as SSH brute force per IP, password spraying across many users, many 404 responses across many paths, and fail-then-success sequences.
  • Evidence in matched lines: Every finding includes the real log lines that matched the rule, so you can triage quickly with concrete evidence.
  • Tuning and allowlisting: Thresholds and allowlists reduce false positives, for example localhost and common health endpoints.
  • Privacy: Analysis runs in memory. Logs are not stored and are not forwarded.
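
The correlation-window step described above, as an added example (not the analyzer's own code): a per-IP sliding window over OpenSSH-style auth lines that flags brute force, password spraying and fail-then-success, skips allowlisted localhost, and returns the matched raw lines as evidence. The 60-second window, thresholds, rule names, assumed year and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: the page mentions thresholds and allowlists but not their settings.
WINDOW = timedelta(seconds=60)
BRUTE_FAILS, SPRAY_USERS, PRIOR_FAILS = 5, 4, 3
ALLOWLIST = {"127.0.0.1", "::1"}  # localhost
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) "
                  r"password for (?:invalid user )?(\S+) from (\S+) port")

def analyze(lines, year=2024):
    """Return {(rule, ip): [matched raw lines]} for OpenSSH-style auth lines."""
    recent = defaultdict(deque)   # ip -> events still inside the sliding window
    findings = {}
    for raw in lines:
        m = LINE.match(raw)
        if not m or m.group(4) in ALLOWLIST:
            continue              # unparsed or allowlisted lines raise no finding
        # Syslog timestamps omit the year; one is assumed so deltas can be computed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ok, user, ip = m.group(2) == "Accepted", m.group(3), m.group(4)
        win = recent[ip]
        win.append((ts, ok, user, raw))
        while ts - win[0][0] > WINDOW:
            win.popleft()         # expire events older than the window
        fails = [e for e in win if not e[1]]
        evidence = [e[3] for e in fails]
        if ok and len(fails) >= PRIOR_FAILS:
            findings[("fail_then_success", ip)] = evidence + [raw]
        elif not ok and len({e[2] for e in fails}) >= SPRAY_USERS:
            findings[("password_spray", ip)] = evidence
        elif not ok and len(fails) >= BRUTE_FAILS:
            findings[("ssh_bruteforce", ip)] = evidence
    return findings

def sample_line(sec, verb, user, ip):  # builds one constructed line, not real data
    return f"Mar 10 08:00:{sec:02d} web1 sshd[311]: {verb} password for {user} from {ip} port 4022 ssh2"

SAMPLE = (
    [sample_line(s, "Failed", "root", "203.0.113.7") for s in range(0, 10, 2)]  # burst
    + [sample_line(10, "Accepted", "root", "203.0.113.7")]                      # then success
    + [sample_line(20 + i, "Failed", u, "198.51.100.9") for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    + [sample_line(30 + i, "Failed", "root", "127.0.0.1") for i in range(6)]    # allowlisted
)

if __name__ == "__main__":
    for (rule, ip), ev in analyze(SAMPLE).items():
        print(rule, ip, f"{len(ev)} matched lines")
```
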

Upload log file

Drag and drop a .log or .txt file here, or click to browse.

Maximum 5 MB