{"id":42656121,"url":"https://github.com/secwexen/log-anomaly-detector","last_synced_at":"2026-01-29T08:04:47.582Z","repository":{"id":333669892,"uuid":"1127240020","full_name":"secwexen/log-anomaly-detector","owner":"secwexen","description":"log-anomaly-detector is a lightweight yet powerful machine‑learning–based anomaly detection tool designed for security analysts, SOC teams, and threat hunters. It analyzes system and application logs (such as syslog, auth.log, and web server logs) to automatically identify unusual patterns, suspicious behavior, and potential security incidents.","archived":false,"fork":false,"pushed_at":"2026-01-27T18:31:44.000Z","size":85,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-28T04:55:07.267Z","etag":null,"topics":["anomaly-detection","cli-tool","cybersecurity","data-preprocessing","flask","intrusion-detection","isolation-forest","local-outlier-factor","log-analysis","log-monitoring","machine-learning","ml-security","one-class-svm","python","security-automation","security-tool","siem","threat-hunting","unsupervised-learning"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secwexen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-03T13:30:08.000Z","updated_at":"2026-01-27T18:31:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/secwexen/log-anomaly-detector","commit_stats":null,"previous_names":["secwexen/log-anomaly-detector"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/secwexen/log-anomaly-detector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Flog-anomaly-detector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Flog-anomaly-detector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Flog-anomaly-detector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Flog-anomaly-detector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secwexen","download_url":"https://codeload.github.com/secwexen/log-anomaly-detector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secwexen%2Flog-anomaly-detector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28871405,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T07:35:32.468Z","status":"ssl_error","status_checked_at":"2026-01-29T07:33:31.463Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anomaly-detection","cli-tool","cybersecurity","data-preprocessing","flask","intrusion-detection","isolation-forest","local-outlier-factor","log-analysis","log-monitoring","machine-learning","ml-security","one-class-svm","python","security-automation","security-tool","siem","threat-hunting","unsupervised-learning"],"created_at":"2026-01-29T08:04:44.685Z","updated_at":"2026-01-29T08:04:47.572Z","avatar_url":"https://github.com/secwexen.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# log-anomaly-detector\n\n![Python Versions](https://img.shields.io/pypi/pyversions/log-anomaly-detector)\n![License](https://img.shields.io/github/license/secwexen/log-anomaly-detector)\n\nlog-anomaly-detector is a machine-learning–based anomaly detection tool designed for security analysts, SOC teams, and threat hunters. It analyzes system and application logs to identify unusual patterns, suspicious behavior, and potential security incidents.\n\nThe tool supports multiple log sources, applies unsupervised ML algorithms, and provides both a command-line interface and an optional web dashboard for visualization.\n\n---\n\n## Features\n\n- Multi-source log ingestion (syslog, auth.log, nginx logs, custom formats)\n- Unsupervised ML anomaly detection using Isolation Forest, LOF, and One-Class SVM\n- Real-time or batch log analysis\n- CLI interface for automation workflows\n- Optional web dashboard for visualizing anomalies\n- Security-focused insights such as suspicious login attempts, brute-force patterns, and unusual traffic behavior\n- Lightweight, modular, and easy to extend\n\n---\n\n## Prerequisites\n\n- Python 3.10+ recommended  \n- Virtual environment is recommended:\n\n```bash\npython -m venv venv\nvenv\\Scripts\\activate     # Windows\nsource venv/bin/activate  # Linux/macOS\n```\n\n* Install dependencies:\n\n```bash\npip install -r requirements.txt\n```\n\n---\n\n## Quick Start\n\n### CLI Mode\n\nAnalyze a log file:\n\n```bash\npython src/main.py --logfile data/sample_logs/syslog.log --output data/processed/report.json\n```\n\nRun continuous monitoring (if implemented):\n\n```bash\npython src/main.py --logfile data/sample_logs/syslog.log --watch --output data/processed/report.json\n```\n\nTrain the model explicitly:\n\n```bash\npython src/train_isolation_forest.py\n```\n\nExport results (already trained model):\n\n```bash\npython src/main.py --logfile data/sample_logs/syslog.log --output data/processed/report.json\n```\n\n---\n\n## Web Dashboard\n\nStart the web interface:\n\n```\npython src/webapp/app.py\n```\n\nThen open:\n\n```\nhttp://localhost:5000\n```\n\n---\n\n## Contribution Guide\n\nWe welcome contributions! \n\n* Fork the repository\n* Create a new branch (`git checkout -b feature/my-feature`)\n* Make your changes and commit (`git commit -m 'Add new feature'`)\n* Push to the branch (`git push origin feature/my-feature`)\n* Open a Pull Request\n\nPlease follow **PEP8 style guidelines** and include tests for any new functionality.\n\n---\n\n## Project Structure\n\n- `src/`  \n  Core source code including log loader, preprocessing, ML models, and detection logic.\n\n- `src/webapp/`  \n  Lightweight Flask-based dashboard for visualizing anomalies.\n\n- `data/`  \n  Sample logs and processed datasets.\n\n- `models/`  \n  Serialized ML models.\n\n- `tests/`  \n  Unit tests for core components.\n\n---\n\n## Supported Algorithms\n\n- Isolation Forest  \n- Local Outlier Factor (LOF)  \n- One-Class SVM  \n\nThese models allow anomaly detection without requiring labeled datasets.\n\n---\n\n## License\n\nThis project is licensed under the **Apache-2.0 License**.  \nSee the [LICENSE](LICENSE) file for full details.\n\n---\n\n## Author\n\n**Secwexen** – Project Author \u0026 Maintainer  \n**Role:** Project Manager | Lead Developer   \n**GitHub:** [github.com/secwexen](https://github.com/secwexen)  ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecwexen%2Flog-anomaly-detector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecwexen%2Flog-anomaly-detector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecwexen%2Flog-anomaly-detector/lists"}