LogSift

Log pattern intelligence in a single file

Python 3.8+ | Zero Dependencies | MIT License

What It Does

Application logs contain millions of lines, but those lines are really a few dozen templates repeated with different variables. LogSift discovers those templates, ranks them by severity and frequency, and alerts you when something new appears or when a known pattern suddenly spikes.

12 Pattern Token Types
3x Burst Threshold
0 Dependencies
1 Python File

Pattern Tokens

Variable values get replaced with semantic tokens:

<TIMESTAMP>: Dates and times
<UUID>: Unique identifiers
<IP>: IP addresses
<EMAIL>: Email addresses
<URL>: Web addresses
<PATH>: File paths
<NUM>: Numbers
<STR>: Quoted strings
<HEX>: Hex strings
<MEASURE>: Values with units
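
The masking step above, extended to a novelty check against a baseline, as an added example that is not LogSift's own code. The regexes, their order, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed masking rules (not LogSift's own). Order matters: specific shapes
# are masked before the generic <NUM> rule can split them apart.
RULES = [
    ("<TIMESTAMP>", r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?Z?"),
    ("<UUID>", r"\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b"),
    ("<EMAIL>", r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    ("<URL>", r"\bhttps?://[^\s\"']+"),
    ("<IP>", r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    ("<STR>", r"\"[^\"]*\"|'[^']*'"),
    ("<PATH>", r"(?<![\w<])/[\w.\-]+(?:/[\w.\-]+)*"),
    ("<HEX>", r"\b0x[0-9a-fA-F]+\b"),
    ("<MEASURE>", r"\b\d+(?:\.\d+)?(?:ms|s|KB|MB|GB|%)(?!\w)"),
    ("<NUM>", r"\b\d+(?:\.\d+)?\b"),
]
COMPILED = [(token, re.compile(rx)) for token, rx in RULES]

def mask(line):
    """Replace variable values with semantic tokens, leaving the template."""
    for token, rx in COMPILED:
        line = rx.sub(token, line)
    return line.strip()

def templates(lines):
    """Count how many raw lines collapse into each template."""
    return Counter(mask(l) for l in lines if l.strip())

def novel(baseline_lines, live_lines):
    """Templates seen in live traffic that never occurred in the baseline."""
    known = set(templates(baseline_lines))
    return {t: n for t, n in templates(live_lines).items() if t not in known}

# Constructed sample data: a "normal" baseline and a later window.
BASELINE = [
    "2024-05-01 10:00:01 INFO login ok user=alice@example.com ip=10.0.0.5",
    "2024-05-01 10:00:07 INFO login ok user=bob@example.com ip=10.0.0.9",
    "2024-05-01 10:00:09 INFO GET /api/items/42 took 12ms",
    "2024-05-01 10:00:12 INFO GET /api/items/7 took 8ms",
]
LIVE = [
    "2024-05-01 10:05:00 INFO login ok user=carol@example.com ip=10.0.0.7",
    "2024-05-01 10:05:02 ERROR login failed user=admin@example.com ip=203.0.113.9 attempts=5",
    "2024-05-01 10:05:03 ERROR login failed user=root@example.com ip=203.0.113.9 attempts=6",
]

if __name__ == "__main__":
    for template, count in novel(BASELINE, LIVE).items():
        print(f"NEW x{count}: {template}")
```

Four baseline lines collapse into two templates, and the two failed-login lines surface as one template the baseline never produced.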

Quick Start

# Clone the repository
git clone https://github.com/SSH-PuR66/logswift.git
cd logswift

# Analyze a log file
python logswift_0.py app.log

# Live monitoring with anomaly detection
python logswift_0.py /var/log/app.log --follow --errors-only

# Export as JSON
python logswift_0.py app.log --json > report.json

Use Cases

Incident Response

Run with --follow during outages. Burst detection shows which error is spiraling before dashboards refresh.

Security Monitoring

Build a baseline from normal traffic. Novelty alerts then flag patterns that are not in the baseline, such as those left by probing, injection, or unauthorized access.

Post-Mortem Analysis

Export logs as JSON for downstream scripts doing timeline correlation.

CI/CD Quality Gates

Fail builds when test runs introduce unexpected error patterns.

About

Built by Sergio Rodriguez, cybersecurity student at Iona University (Class of 2026). Focused on blue team operations, security tooling, and making incident response faster.