{"id":29966242,"url":"https://github.com/l0g0rhythm/logtool","last_synced_at":"2025-08-04T02:32:34.159Z","repository":{"id":307597358,"uuid":"1030063085","full_name":"L0g0rhythm/LogTool","owner":"L0g0rhythm","description":"LogTool is an advanced toolkit, developed in PowerShell, for the collection, analysis, and reporting of Windows Event Logs, with a focus on security and efficiency.","archived":false,"fork":false,"pushed_at":"2025-08-01T03:28:46.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-01T05:30:47.529Z","etag":null,"topics":["auditing","automation","cli","diagnostics-tool","log-analysis","powershell","powershell-script","reporting","security","security-audit","security-auditing","security-hardening","security-tools","windows","windows-event-log"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/L0g0rhythm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-01T03:13:05.000Z","updated_at":"2025-08-01T03:28:50.000Z","dependencies_parsed_at":"2025-08-01T05:30:49.482Z","dependency_job_id":"11a81ee6-6e78-463f-83f2-12860fe24102","html_url":"https://github.com/L0g0rhythm/LogTool","commit_stats":null,"previous_names":["l0g0rhythm/logtool"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/L0g0rhythm/LogTool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L0g0rhythm%2FLogTool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L0g0rhythm%2FLogTool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L0g0rhythm%2FLogTool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L0g0rhythm%2FLogTool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/L0g0rhythm","download_url":"https://codeload.github.com/L0g0rhythm/LogTool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L0g0rhythm%2FLogTool/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268639931,"owners_count":24282678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-04T02:00:09.867Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","automation","cli","diagnostics-tool","log-analysis","powershell","powershell-script","reporting","security","security-audit","security-auditing","security-hardening","security-tools","windows","windows-event-log"],"created_at":"2025-08-04T02:31:42.484Z","updated_at":"2025-08-04T02:32:34.150Z","avatar_url":"https://github.com/L0g0rhythm.png","language":"PowerShell","readme":"# 🛡️ LogTool - Professional Log Analysis Toolkit\r\n\r\n![PowerShell](https://img.shields.io/badge/PowerShell-5.1%2B-blue.svg)\r\n![License](https://img.shields.io/badge/License-MIT-green.svg)\r\n![Platform](https://img.shields.io/badge/Platform-Windows-lightgrey.svg)\r\n\r\n**LogTool is an advanced toolkit, developed in PowerShell, for the collection, analysis, and reporting of Windows Event Logs, with a focus on security and efficiency.**\r\n\r\nCreated for system administrators, security analysts, and power users, LogTool transforms the reactive task of digging through logs into a proactive, intelligent analysis. It allows you to quickly identify the root causes of instability, application crashes, or suspicious activities on your system.\r\n\r\n## ✨ Key Features\r\n\r\n- **⚙️ Configurable Collection Engine**: Easily define which event logs to collect, the maximum number of events, and apply specific filters by ID, Level, or Provider through a single `config.psd1` file.\r\n- **🧠 Intelligent Dual-Verdict Analysis**: The engine not only scans for critical Event IDs but also for suspicious keywords, providing two independent verdicts on the system's health.\r\n- **📊 Interactive HTML Reports**: Generate professional HTML reports with dynamic tables that allow real-time event filtering and expandable message details, making root-cause analysis faster than ever.\r\n- **🔒 Security-First Architecture**: Built with a proactive security mindset, featuring Path Traversal prevention, Output Encoding to mitigate XSS, and ACL Hardening on the generated log archives.\r\n- **♻️ Automated Lifecycle Management**: Includes an integrated cleanup system that automatically deletes old log archives based on age or quantity, helping to manage disk space.\r\n- **⚡ Performance-Optimized Code**: Utilizes high-performance data structures like `HashSet`, `StringBuilder`, and pipeline processing to minimize memory consumption and maximize speed.\r\n- **🚀 Smart Command-Line Interface**: Interact with the tool via a simple launcher (`lt.ps1`) with intuitive commands (`collect`, `analyze`, `create-report`) that translate user intent into powerful engine operations.\r\n- **✍️ Robust Error Handling \u0026 Auditing**: All critical operations are wrapped in `try/catch` blocks to ensure graceful failure, and all actions are logged to an audit file for full traceability.\r\n- **🌐 Internationalization (i18n) Support**: The UI and reports are translatable, with a localization engine that supports multiple languages out-of-the-box (EN/PT-BR).\r\n- **📦 Zero External Dependencies**: Runs natively on any modern Windows system with PowerShell, requiring no external modules or libraries.\r\n\r\n## 🚀 Getting Started\r\n\r\n### Prerequisites\r\n\r\n1. **Windows Operating System**\r\n2. **PowerShell 5.1** or higher\r\n3. **Administrator Privileges** (required to access system event logs)\r\n\r\n### Installation\r\n\r\nTo get started, clone the repository to a local directory on your machine.\r\n\r\n```bash\r\ngit clone https://github.com/L0g0rhythm/LogTool.git\r\ncd LogTool\r\n```\r\n\r\n## 🛠️ Usage\r\n\r\nAll commands are executed via the smart launcher `lt.ps1` from within a PowerShell terminal running as **Administrator**.\r\n\r\n### 1. Collect Logs\r\n\r\nThis is the first and most fundamental step. The `collect` command gathers event logs based on the rules in `config.psd1` and securely packages them into a `.zip` archive inside the `reports` directory.\r\n\r\n```powershell\r\n.\\lt.ps1 collect\r\n```\r\n\r\n### 2. Analyze an Archive (Console)\r\n\r\nAfter collecting logs, you can analyze them. This command provides an interactive list of available archives and displays a diagnostic summary directly in the console.\r\n\r\n```powershell\r\n.\\lt.ps1 analyze\r\n```\r\n\r\nThe tool will prompt you to select which archive to analyze.\r\n\r\n### 3. Create an HTML Report\r\n\r\nFor a more detailed and shareable analysis, generate an interactive HTML report.\r\n\r\n**Option A: Report from the latest archive**\r\n\r\n```powershell\r\n.\\lt.ps1 create-report\r\n```\r\n\r\n**Option B: Report from a specific archive**\r\n\r\n```powershell\r\n.\\lt.ps1 create-report-from -Path \".\\reports\\...\\archive.zip\"\r\n```\r\n\r\nAn HTML file will be generated in the same directory as the source archive.\r\n\r\n### 4. Advanced Filtering\r\n\r\nYou can refine your analysis on the fly with additional parameters:\r\n\r\n- `IncludeEventId`: Adds specific Event IDs to the critical analysis.\r\n- `Keyword`: Scans for a custom keyword in event messages.\r\n\r\n**Example:**\r\n\r\nAnalyze the latest archive, but also flag Event ID 5156 and search for the word \"firewall\".\r\n\r\n```powershell\r\n.\\lt.ps1 analyze -IncludeEventId 5156 -Keyword \"firewall\"\r\n```\r\n\r\n## 🔧 Configuration\r\n\r\nThe entire behavior of the LogTool is controlled by the `config.psd1` file. It allows you to customize:\r\n\r\n- **ToolSettings**: Set the language for the UI and reports (`en-US` or `pt-BR`).\r\n- **CollectionTasks**: Define which logs to collect (Security, Application, etc.), how many events, and apply specific filters.\r\n- **AnalysisConfig**: Specify which Event IDs are considered \"critical\" and which keywords should trigger an alert.\r\n- **LifecycleConfig**: Configure the automatic cleanup of old archives.\r\n\r\n## 🤝 Contributing\r\n\r\nContributions are welcome! If you find a bug or have a suggestion for a new feature, please open an issue or submit a pull request.\r\n\r\n## 📜 License\r\n\r\nDistributed under the MIT License. See `LICENSE` for more information.\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fl0g0rhythm%2Flogtool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fl0g0rhythm%2Flogtool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fl0g0rhythm%2Flogtool/lists"}