https://github.com/secwexen/log-anomaly-detector
log-anomaly-detector is a lightweight yet powerful machine‑learning–based anomaly detection tool designed for security analysts, SOC teams, and threat hunters. It analyzes system and application logs (such as syslog, auth.log, and web server logs) to automatically identify unusual patterns, suspicious behavior, and potential security incidents.
- Host: GitHub
- URL: https://github.com/secwexen/log-anomaly-detector
- Owner: secwexen
- License: apache-2.0
- Created: 2026-01-03T13:30:08.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2026-01-27T18:31:44.000Z (5 months ago)
- Last Synced: 2026-01-28T04:55:07.267Z (5 months ago)
- Topics: anomaly-detection, cli-tool, cybersecurity, data-preprocessing, flask, intrusion-detection, isolation-forest, local-outlier-factor, log-analysis, log-monitoring, machine-learning, ml-security, one-class-svm, python, security-automation, security-tool, siem, threat-hunting, unsupervised-learning
- Language: Python
- Homepage:
- Size: 83 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# log-anomaly-detector


log-anomaly-detector is a machine-learning–based anomaly detection tool designed for security analysts, SOC teams, and threat hunters. It analyzes system and application logs to identify unusual patterns, suspicious behavior, and potential security incidents.
The tool supports multiple log sources, applies unsupervised ML algorithms, and provides both a command-line interface and an optional web dashboard for visualization.
---
## Features
- Multi-source log ingestion (syslog, auth.log, nginx logs, custom formats)
- Unsupervised ML anomaly detection using Isolation Forest, LOF, and One-Class SVM
- Real-time or batch log analysis
- CLI interface for automation workflows
- Optional web dashboard for visualizing anomalies
- Security-focused insights such as suspicious login attempts, brute-force patterns, and unusual traffic behavior
- Lightweight, modular, and easy to extend
---
## Prerequisites
- Python 3.10+ recommended
- Virtual environment is recommended:
```bash
python -m venv venv
venv\Scripts\activate # Windows
source venv/bin/activate # Linux/macOS
```
- Install dependencies:
```bash
pip install -r requirements.txt
```
---
## Quick Start
### CLI Mode
Analyze a log file:
```bash
python src/main.py --logfile data/sample_logs/syslog.log --output data/processed/report.json
```
Run continuous monitoring (if implemented):
```bash
python src/main.py --logfile data/sample_logs/syslog.log --watch --output data/processed/report.json
```
Train the model explicitly:
```bash
python src/train_isolation_forest.py
```
Export results using an already trained model:
```bash
python src/main.py --logfile data/sample_logs/syslog.log --output data/processed/report.json
```
---
## Web Dashboard
Start the web interface:
```bash
python src/webapp/app.py
```
Then open:
```
http://localhost:5000
```
---
## Contribution Guide
We welcome contributions!
- Fork the repository
- Create a new branch (`git checkout -b feature/my-feature`)
- Make your changes and commit (`git commit -m 'Add new feature'`)
- Push to the branch (`git push origin feature/my-feature`)
- Open a Pull Request
Please follow **PEP8 style guidelines** and include tests for any new functionality.
---
## Project Structure
- `src/`
Core source code including log loader, preprocessing, ML models, and detection logic.
- `src/webapp/`
Lightweight Flask-based dashboard for visualizing anomalies.
- `data/`
Sample logs and processed datasets.
- `models/`
Serialized ML models.
- `tests/`
Unit tests for core components.
---
## Supported Algorithms
- Isolation Forest
- Local Outlier Factor (LOF)
- One-Class SVM
These models allow anomaly detection without requiring labeled datasets.
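As an added illustration (not code from the log-anomaly-detector project), the following self-contained Python builds the per-source features that the brute-force pattern listed under Features leaves in an auth.log, then scores every source with a from-scratch Isolation Forest, so no labelled data is needed. The sample log lines, the two-feature choice, the function names and the 0.6 alert threshold are all assumptions of this example.

```python
import math, random, re
from collections import defaultdict

# Constructed auth.log-style input, not the project's sample data: three ordinary sources plus
# one source that fails 30 times across five usernames, the brute-force pattern the README mentions.
SAMPLE_AUTH_LOG = "\n".join([
    "Jan 27 18:01:02 host sshd[101]: Accepted publickey for alice from 10.0.0.5 port 5001 ssh2",
    "Jan 27 18:01:40 host sshd[102]: Failed password for bob from 10.0.0.7 port 5002 ssh2",
    "Jan 27 18:02:11 host sshd[103]: Accepted password for bob from 10.0.0.7 port 5003 ssh2",
    "Jan 27 18:03:05 host sshd[104]: Accepted publickey for carol from 10.0.0.9 port 5004 ssh2",
] + [f"Jan 27 18:05:{i:02d} host sshd[{200 + i}]: Failed password for invalid user {u} from 203.0.113.4 port {6000 + i} ssh2"
     for i, u in enumerate(["root", "admin", "test", "oracle", "guest"] * 6)])
LINE_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+)")

def extract_features(log_text):
    """Per-source-IP feature vector: [failed logins, distinct usernames tried]."""
    stats = defaultdict(lambda: {"failed": 0, "users": set()})
    for m in filter(None, map(LINE_RE.search, log_text.splitlines())):
        outcome, user, ip = m.groups()
        stats[ip]["users"].add(user)
        stats[ip]["failed"] += outcome == "Failed"
    ips = sorted(stats)
    return ips, [[stats[ip]["failed"], len(stats[ip]["users"])] for ip in ips]

def _c(n):  # average path length of an unsuccessful BST search; normalises scores
    return 0.0 if n <= 1 else 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def _build_tree(rows, depth, limit, rng):
    """Isolation tree: cut a random feature at a random point between its min and max."""
    if len(rows) <= 1 or depth >= limit:
        return ("leaf", len(rows))
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    left, right = [r for r in rows if r[f] <= split], [r for r in rows if r[f] > split]
    return ("node", f, split, _build_tree(left, depth + 1, limit, rng), _build_tree(right, depth + 1, limit, rng))

def _path_length(tree, row, depth=0):
    if tree[0] == "leaf":
        return depth + _c(tree[1])  # unresolved leaves get the expected remaining depth
    _, f, split, left, right = tree
    return _path_length(left if row[f] <= split else right, row, depth + 1)

def rank_sources(log_text, n_trees=100, seed=7):
    """Score each source IP with a seeded isolation forest; scores near 1 are anomalous."""
    ips, rows = extract_features(log_text)
    limit = math.ceil(math.log2(len(rows)))  # height cap from the original algorithm
    trees = [_build_tree(rows, 0, limit, random.Random(seed + i)) for i in range(n_trees)]
    scores = [2 ** (-sum(_path_length(t, r) for t in trees) / n_trees / _c(len(rows))) for r in rows]
    return sorted(zip(scores, ips), reverse=True)  # (score, ip) pairs, most anomalous first
```

The brute-forcing source isolates after one or two random cuts and scores well above 0.6, while hosts with a single failed login stay below 0.5, which is the kind of label-free separation the three listed algorithms rely on.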
---
## License
This project is licensed under the **Apache-2.0 License**.
See the [LICENSE](LICENSE) file for full details.
---
## Author
**Secwexen** – Project Author & Maintainer
**Role:** Project Manager | Lead Developer
**GitHub:** [github.com/secwexen](https://github.com/secwexen)