A mini‑SIEM for home labs and Hacktoberfest contributions. It parses common logs (auth, nginx), detects simple security events (SSH brute force, HTTP 5xx bursts), stores alerts in SQLite, and exposes them through a FastAPI API, a CLI, and a lightweight dashboard.
- Log ingestion: Upload `auth.log` or Nginx access logs via API or UI
- Parsers: Convert raw lines → structured `Event` objects
- Detections: Sliding‑window brute‑force & 5xx‑burst rules (thresholds configurable in YAML)
- Storage: SQLite for easy portability
- Dashboard: Static HTML + JS that fetches alerts from the API
- CLI: Local batch scanning for sample logs or offline use

```bash
git clone https://github.com/<your-username>/gwc-siem.git
cd gwc-siem
python -m venv .venv && source .venv/bin/activate
pip install -e .
uvicorn api.main:app --reload
```

Visit: http://127.0.0.1:8000

Upload sample logs from `sample_data/` using the upload form. Alerts will appear in a table below.

```bash
python cli/app.py --file sample_data/auth.log --kind auth
```

This parses the file, runs the detections, and writes the resulting alerts to `seclog.db`. You can fetch them via the API:

```bash
curl "http://127.0.0.1:8000/alerts?limit=10" | jq
```

Core components:
- API (`api/`): `/ingest`, `/alerts`, `/health`
- Parsers (`core/parsers/`): auth + nginx → `Event`
- Detections (`core/detections/`): brute_force + http_5xx_burst → `Alert`
- Storage (`storage/`): SQLite + helper functions
- Web (`web/index.html`): upload form + table renderer
- CLI (`cli/`): batch scanning tool
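
The parse → detect flow listed above (auth lines → events → brute-force alerts), as an added example that is not the project's own code. The regex, function names, alert fields, and the default threshold and window are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation-range addresses).
SAMPLE = """\
Oct  3 10:00:01 lab sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct  3 10:00:09 lab sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct  3 10:00:15 lab sshd[812]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Oct  3 10:00:21 lab sshd[811]: Failed password for root from 203.0.113.7 port 40003 ssh2
Oct  3 10:00:30 lab sshd[811]: Failed password for root from 203.0.113.7 port 40004 ssh2
Oct  3 10:00:41 lab sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40005 ssh2
Oct  3 10:05:00 lab sshd[813]: Accepted password for alice from 198.51.100.9 port 51001 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_auth(text, year=2025):
    """Yield (timestamp, ip, user) for each failed SSH password line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def detect_brute_force(events, threshold=5, window_s=60):
    """Alert when one source IP reaches `threshold` failures within `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    alerts = []
    for ts, ip, _user in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # slide: drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"rule": "brute_force", "ip": ip, "count": len(q),
                           "first": q[0], "last": ts})
            q.clear()  # reset so one burst produces one alert, not one per line
    return alerts
```

Counting per source IP and clearing the window after a hit keeps a single burst from flooding the alert table; failures spread across many usernames from one address still count toward the same window.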

- Fork & clone repo
- Create a branch for your change
- Set up local env:

  ```bash
  python -m venv .venv && source .venv/bin/activate
  pip install -e .
  ```
- Run tests:

  ```bash
  pytest -q
  ```
- Open a PR referencing an issue (see CONTRIBUTING.md)

- Apache access log parser
- GeoIP blocklist rule
- Prometheus `/metrics` endpoint
- Docker Compose example with log mounts
- Alert notifiers (Slack, Discord)

See SECURITY.md. For severe issues, disclose privately.
MIT © 2025 ghostmkg
This project is open for everyone. Whether you are a beginner or experienced coder, you are welcome to contribute. Let’s learn and grow together! 🌱