Log Analyzer
Point the Log Analyzer at a log file and it turns thousands of raw lines into a short list of the things that actually matter: brute-force attempts, injection payloads, traversal probes and privilege-escalation signals.
- Category: Analysis
- Powered by: pure-Python pattern engine
- Edition: Free
- Where: Desktop → Log Analyzer tab
What it does
The analyzer reads a log file line by line and matches each line against a curated library of attack patterns. Instead of grepping by hand, you get grouped, severity-ranked findings with the offending line and a short explanation of why it is suspicious.
- SSH / auth brute-force — repeated failed logins from the same source.
- SQL injection — classic payloads in request paths and parameters.
- Directory traversal — `../` sequences and encoded variants.
- Privilege escalation — suspicious `sudo` / setuid activity in system logs.
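To make the matching described above concrete, here is an added example (not the tool's own pattern engine) of a minimal pure-Python pass over constructed auth.log and web access-log lines: single-line signatures for injection, traversal and sudo-to-root, plus a counted multi-line signal for brute force. The category names, the severity labels and the failure threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: auth.log lines plus two web access-log lines (not real data).
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 5100 ssh2
Jan 10 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.5 port 5101 ssh2
Jan 10 10:00:03 host sshd[1203]: Failed password for admin from 203.0.113.5 port 5102 ssh2
Jan 10 10:00:04 host sshd[1204]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
198.51.100.9 - - [10/Jan/2024:10:01:00 +0000] "GET /item?id=1'%20OR%20'1'='1 HTTP/1.1" 200 512
198.51.100.9 - - [10/Jan/2024:10:01:01 +0000] "GET /dl?f=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0
Jan 10 10:02:00 host sudo:   www-data : TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash
"""

# Per-line signatures, matched against the URL-decoded line:
# (category, severity, pattern, why the match is suspicious). Names/severities are assumptions.
PATTERNS = [
    ("sql_injection", "high", re.compile(r"'\s*(or|and)\s*'?\d", re.I), "quote-OR tautology in a request parameter"),
    # after one unquote() pass a double-encoded ..%252F shows up as ..%2F, so both forms are covered
    ("directory_traversal", "medium", re.compile(r"(\.\./|\.\.%2f)", re.I), "parent-directory sequence in a path"),
    ("privilege_escalation", "high", re.compile(r"\bsudo:\s+\S+.*USER=root.*COMMAND="), "command run as root via sudo"),
]
FAILED_LOGIN = re.compile(r"Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")
BRUTE_FORCE_THRESHOLD = 3  # assumption: this many failures from one source counts as brute force

def analyze(text, threshold=BRUTE_FORCE_THRESHOLD):
    """Return {category: [(severity, raw_evidence_line, explanation), ...]}."""
    findings = defaultdict(list)
    failures = defaultdict(list)  # source IP -> raw lines carrying a failed password
    for raw in text.splitlines():
        m = FAILED_LOGIN.search(raw)
        if m:  # brute force is a multi-line signal, so count it instead of matching once
            failures[m.group(1)].append(raw)
            continue
        decoded = unquote(raw)
        for category, severity, pattern, why in PATTERNS:
            if pattern.search(decoded):
                findings[category].append((severity, raw, why))
                break  # one finding per line; the first matching signature wins
    for ip, lines in failures.items():
        if len(lines) >= threshold:
            findings["brute_force"].append(("high", lines[0], f"{len(lines)} failed logins from {ip}"))
    return dict(findings)

if __name__ == "__main__":
    for category, hits in analyze(SAMPLE_LOG).items():
        for severity, line, why in hits:
            print(f"[{severity}] {category}: {why}\n    {line}")
```

The evidence line kept for each finding is the raw log line, not the decoded one, so the table shows exactly what the server wrote.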
How to use it
auth.log, a Laravel log, or any plain-text log. You can analyze a copy you pulled from a server.
What you get
A table of findings grouped by category and severity, each with the raw evidence line. This is a fast, offline triage step before you escalate — and it complements the always-on Log Monitoring the Fleet agent runs continuously, which feeds the same kinds of signals into the SecOps SIEM and rule engine.
Tips
- Analyze the most recent slice of a rotated log first — that is where live activity is.
- Pair a brute-force finding with the Firewall Advisor to block the source.
- For continuous coverage across many hosts, use the Fleet agent's Log Monitoring instead of one-off runs.
/docs/secops.