A full-stack, containerized security tool that parses Linux system logs, detects suspicious events, and displays results on a live web dashboard.
Log analysis is a core task in security operations. I wanted to build something that mirrors a real workflow — ingesting raw auth logs, applying detection rules, exposing the results via an API, and visualizing them in a dashboard. This project connects my interest in cybersecurity with backend development and containerization.
- Parses Linux
auth.logfiles and extracts structured log entries - Detects suspicious patterns: failed login attempts, brute-force behavior, path traversal
- Exposes findings through a REST API (
/api/logsand/api/alerts) - Displays results on a JavaScript dashboard that fetches live from the API
- Fully containerized with Docker for consistent deployment
| Layer | Technology | What it does |
|---|---|---|
| Backend | Python, OOP, Regex | Log parsing, multi-rule detection engine, modular design |
| API | Flask, REST, CORS | Two GET endpoints serving structured JSON |
| Frontend | HTML, CSS, JavaScript | Async data fetching, dynamic table rendering |
| DevOps | Docker | Containerized deployment, port mapping, cross-platform stability |
log-analysis-api/
├── api/
│ ├── app.py # Flask entry point
│ ├── detection/ # Alert rules (failed login, path traversal)
│ └── parser/ # Raw log → structured data
├── frontend/
│ └── index.html # Dashboard (fetches from API)
├── logs/
│ └── auth.log # Sample Linux auth log
├── Dockerfile
└── requirements.txt
Option 1 — Docker (recommended)
# Build the image
docker build -t log-analysis-api .
# Run the container
docker run -d -p 8080:5000 --name log-analyzer log-analysis-apiThen open frontend/index.html in your browser. The dashboard fetches from http://localhost:8080/api/alerts.
Option 2 — Local (Python)
pip install -r requirements.txt
python main.py| Method | Endpoint | Returns |
|---|---|---|
| GET | /api/logs |
All parsed log entries |
| GET | /api/alerts |
Detected suspicious events only |
- How to design a modular Python backend with separation between parsing and detection logic
- RESTful API design with Flask and CORS handling
- Containerizing a multi-component app with Docker
- How real security tools structure log ingestion pipelines