https://github.com/logtide-dev/logtide

🛡️ Open-source, self-hosted log management. Privacy-first alternative to Datadog & ELK. Lightweight, GDPR-compliant, and deployed in minutes with Docker.
https://github.com/logtide-dev/logtide

devops docker docker-compose gdpr log-management monitoring observability open-source self-hosted sveltekit timescaledb typescript

Last synced: 9 days ago
JSON representation

🛡️ Open-source, self-hosted log management. Privacy-first alternative to Datadog & ELK. Lightweight, GDPR-compliant, and deployed in minutes with Docker.

• Host: GitHub
• URL: https://github.com/logtide-dev/logtide
• Owner: logtide-dev
• License: agpl-3.0
• Created: 2025-11-14T23:55:56.000Z (2 months ago)
• Default Branch: main
• Last Pushed: 2026-01-12T16:21:04.000Z (12 days ago)
• Last Synced: 2026-01-12T21:56:20.167Z (12 days ago)
• Topics: devops, docker, docker-compose, gdpr, log-management, monitoring, observability, open-source, self-hosted, sveltekit, timescaledb, typescript
• Language: TypeScript
• Homepage: https://logtide.dev
• Size: 3.28 MB
• Stars: 223
• Watchers: 3
• Forks: 7
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

          


  


  

  


    Privacy-first log management. Open Source.

  


  


    ☁️ Try Cloud (Free Alpha) •

    Self-Host •

    SDKs •

    Docs

  


  

  

  

  

  

  

  

  

  






> **⚠️ ALPHA RELEASE:** LogTide is currently in active Alpha.

> The Cloud version is **100% FREE** for early adopters. We are looking for feedback to improve stability!

> **📢 Rebranded:** LogTide was previously known as LogWard. We changed our name due to a trademark conflict. [Read more about the rebrand](https://github.com/orgs/logtide-dev/discussions/81).

---

## 👋 What is LogTide?

LogTide is an open-source alternative to Datadog, Splunk, and ELK.

Designed for developers and European SMBs who need **GDPR compliance**, **data ownership**, and **simplicity** without the complexity of managing an ElasticSearch cluster.

### Why LogTide?

* 🇪🇺 **GDPR Friendly:** Keep data on your servers or use our EU-based cloud.

* ⚡ **Lightweight:** Built on **TimescaleDB** & **Fastify** (low RAM usage compared to Java stacks).

* 🚀 **Developer Experience:** 5-minute setup with Docker. Native SDKs.

* 💰 **Cost Effective:** Self-host for free.

---

## 📸 Screenshots

### Logs Explorer

![LogTide Logs](docs/images/logs.png)

### Distributed Tracing

![LogTide Traces](docs/images/traces.png)

### Error Groups

![LogTide Errors](docs/images/errors.png)

### SIEM Dashboard

![LogTide Security](docs/images/security.png)

### Alerts & Notifications

![LogTide Alerts](docs/images/alerts.png)

---

## 🚀 Quick Start

Choose how you want to use LogTide.

### Option A: Cloud (Fastest & Free)

We host it for you. Perfect for testing and small projects. **Currently Free.**

1.  **Sign up:** Go to [**logtide.dev**](https://logtide.dev).

2.  **Create Project:** Create an organization and a project.

3.  **Get API Key:** Copy your project-scoped API Key.

4.  **Send a Log:**

    ```bash

    curl -X POST https://api.logtide.dev/api/v1/ingest \

      -H "X-API-Key: YOUR_API_KEY" \

      -H "Content-Type: application/json" \

      -d '{ "logs": [{ "service": "test", "level": "info", "message": "Hello Cloud!" }] }'

    ```

### Option B: Self-Hosted (Docker)

Total control over your data. **No build required** - uses pre-built images from Docker Hub.

**Prerequisites:** Docker & Docker Compose.

1.  **Download configuration**

    ```bash

    mkdir logtide && cd logtide

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/docker-compose.yml

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/.env.example

    mv .env.example .env

    ```

2.  **Edit `.env`** with secure passwords

    ```bash

    nano .env

    ```

    Required variables:

    ```bash

    DB_PASSWORD=your_secure_db_password

    REDIS_PASSWORD=your_secure_redis_password

    API_KEY_SECRET=your_32_character_secret_key_here

    ```

3.  **Start the stack**

    ```bash

    docker compose up -d

    ```

4.  **Access LogTide**

    * **Frontend:** `http://localhost:3000`

    * **API:** `http://localhost:8080`

    * **First Time?** Click "Sign up" to create your account

> **Note:** Database migrations run automatically on first start.

5.  **(Optional) Enable Docker log collection with Fluent Bit**

    ```bash

    # Download Fluent Bit configuration files

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/fluent-bit.conf

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/parsers.conf

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/extract_container_id.lua

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/wrap_logs.lua

    curl -O https://raw.githubusercontent.com/logtide-dev/logtide/main/docker/map_syslog_level.lua

    # Set your LogTide API key in .env

    echo "FLUENT_BIT_API_KEY=your_api_key_here" >> .env

    # Start with logging profile

    docker compose --profile logging up -d

    ```

**Docker Images:** [Docker Hub](https://hub.docker.com/r/logtide/backend) | [GitHub Container Registry](https://github.com/logtide-dev/logtide/pkgs/container/logtide-backend)

> **Production:** Pin versions with `LOGTIDE_BACKEND_IMAGE=logtide/backend:0.4.1` in your `.env` file.

> **ARM64 / Raspberry Pi:** LogTide images support `linux/amd64` and `linux/arm64`. For Fluent Bit on ARM64, set `FLUENT_BIT_IMAGE=cr.fluentbit.io/fluent/fluent-bit:4.2.2` in your `.env` file.

> **Horizontal Scaling:** For scaling multiple backend instances, see [deployment docs](https://logtide.dev/docs/deployment#horizontal-scaling).

### Option C: Kubernetes (Helm)

Deploy LogTide on any Kubernetes cluster with our official Helm chart.

**Prerequisites:** Kubernetes 1.25+, Helm 3.10+

1. **Add the Helm repository**

    ```bash

    helm repo add logtide https://logtide-dev.github.io/logtide-helm-chart

    helm repo update

    ```

2. **Install LogTide**

    ```bash

    helm install logtide logtide/logtide \

      --namespace logtide \

      --create-namespace \

      --set timescaledb.auth.password= \

      --set redis.auth.password=

    ```

3. **Access LogTide**

    ```bash

    kubectl port-forward svc/logtide-frontend 3000:3000 -n logtide

    ```

    Open `http://localhost:3000`

**Includes:** Backend (2+ replicas), Frontend, Worker, TimescaleDB, Redis, HPA, Ingress support, Prometheus monitoring.

> **Helm Chart:** [Artifact Hub](https://artifacthub.io/packages/helm/logtide/logtide) | [GitHub](https://github.com/logtide-dev/logtide-helm-chart) | [Full Docs](https://logtide.dev/docs/deployment#kubernetes)

---

## 📦 SDKs & Integrations

We have ready-to-use SDKs for the most popular languages.

| Language | Status | Package / Link |

| :--- | :--- | :--- |

| **Node.js** | ✅ Ready | [`@logtide/sdk-node`](https://www.npmjs.com/package/@logtide/sdk-node) |

| **Python** | ✅ Ready | [`logtide-sdk`](https://pypi.org/project/logtide-sdk/) |

| **Go** | ✅ Ready | [`logtide-sdk-go`](https://github.com/logtide-dev/logtide-sdk-go) |

| **PHP** | ✅ Ready | [`logtide-dev/sdk-php`](https://packagist.org/packages/logtide-dev/sdk-php) |

| **Kotlin** | ✅ Ready | [`logtide-sdk-kotlin`](https://github.com/logtide-dev/logtide-sdk-kotlin) |

| **C# / .NET** | ✅ Ready | [`LogTide.SDK`](https://github.com/logtide-dev/lgoward-sdk-csharp) |

| **Docker** | ✅ Ready | Use Fluent Bit / Syslog driver |

| **HTTP** | ✅ Ready | [API Reference](#) |

| **OpenTelemetry** | ✅ Ready | OTLP endpoint (logs + traces) |

---

## ✨ Features available in Alpha

* ✅ **High-Performance Ingestion:** Batch API handling thousands of logs/sec.

* ✅ **Real-time Live Tail:** See logs as they arrive via Server-Sent Events (SSE).

* ✅ **Powerful Search:** Filter by service, level, time range. Two search modes: **Full-text** (word-based with stemming) and **Substring** (find text anywhere in messages, e.g., find "bluez" in "spa.bluez5.native").

* ✅ **Multi-Organization:** Isolate teams and projects strictly.

* ✅ **Alerting:** Get notified via Email or Webhook (Slack/Discord) on error spikes.

* ✅ **Retention Policy:** Automatic cleanup of old logs via TimescaleDB.

* ✅ **Sigma Rules Detection:** Built-in engine to run security detection rules (YAML) against your logs for threat detection.

* ✅ **SIEM Dashboard:** Security dashboard with incident management, MITRE ATT&CK mapping, and PDF report export. *(New in 0.3.0)*

* ✅ **OpenTelemetry Support:** Native OTLP ingestion for logs and traces (protobuf + JSON).

* ✅ **Distributed Tracing:** Trace viewer with span timeline, service dependencies graph, and trace-to-logs correlation.

---

## 🛡️ Security & Sigma Rules

LogTide goes beyond simple monitoring by transforming your logs into a security advantage. We support **Sigma Rules**, the industry-standard format for describing log signatures.

* **Threat Detection:** Automatically detect suspicious activities (e.g., SSH brute force, clearing of history, web shells).

* **Standard Format:** Write rules in standard YAML or import existing ones from the [Sigma community](https://github.com/SigmaHQ/sigma).

* **Real-time Matching:** Rules are evaluated against incoming logs in real-time.

**Example Rule (Detecting History Clear):**

```yaml

title: Clear Command History

status: stable

logsource:

    product: linux

detection:

    selection:

        command:

            - 'history -c'

            - 'cat /dev/null > ~/.bash_history'

    condition: selection

level: high

```

---

## 🚨 SIEM Dashboard & Incident Management (New in 0.3.0)

LogTide now includes a full-featured **Security Information and Event Management (SIEM)** dashboard, turning your log platform into a lightweight security operations center.

### Security Dashboard

* **Summary Stats:** Total detections, open incidents, critical alerts at a glance

* **Top Threats Chart:** Sigma rules ranked by detection count

* **Detection Timeline:** Time-series visualization of security events

* **Affected Services:** Quick view of which services triggered detections

* **Severity Distribution:** Pie chart breakdown (Critical/High/Medium/Low)

* **MITRE ATT&CK Heatmap:** Visualize detected techniques across the ATT&CK matrix

### Incident Management

* **Incident Workflow:** Track incidents through Open → Investigating → Resolved → False Positive

* **Comments & Collaboration:** Add notes and discuss incidents with your team

* **Activity Timeline:** Full audit trail of all status changes and actions

* **Detection Events:** View matched fields and log context for each detection

* **PDF Export:** Generate incident reports for compliance and documentation

---

## 🏗️ Tech Stack

We use modern, type-safe tools to ensure performance and maintainability.

| Layer | Technology |

| :--- | :--- |

| **Frontend** | SvelteKit 5 (Runes) + TailwindCSS + shadcn-svelte |

| **Backend** | Fastify + TypeScript + Kysely ORM |

| **Database** | PostgreSQL 16 + TimescaleDB (Time-series optimization) |

| **Queue** | Redis 7 + BullMQ |

| **Deployment** | Docker + Docker Compose |

---

## 📄 License

Distributed under the **GNU AGPLv3** License. See `LICENSE` for more information.

* **Free for Internal Use:** You can use LogTide internally for free.

* **Open Source:** The code is available for audit and contribution.

* **Commercial Protection:** If you offer LogTide as a SaaS (Service) to others, you must release your source code or purchase a Commercial License.

---



  


  
Built with ❤️ in Europe

  


    Start for Free •

    Report a Bug