# LogSentinel

A SIEM (Security Information and Event Management) project inspired by tools like Splunk.
LogSentinel collects logs, parses them, detects suspicious activity, generates alerts, and displays everything in a real-time dashboard.

Built using:

- Java Spring Boot (Backend)
- React + TailwindCSS (Frontend)
- Python (Log Parser + Attack Simulator)
## Backend (Spring Boot)

```text
backend/
│
├── controller/
│   ├── AlertController.java
│   ├── DashboardController.java
│   └── LogEntryController.java
│
├── service/
│   ├── AlertService.java
│   └── LogEntryService.java
│
├── repository/
│   ├── AlertRepository.java
│   └── LogEntryRepository.java
│
├── entity/
│   ├── Alert.java
│   └── LogEntry.java
│
└── config/
    └── WebSocketConfig.java
```
## Parser service (Python)

Responsible for:

- Reading logs
- Parsing logs
- Sending parsed events to the backend

```text
parser-service/
│
├── collectors/
│   ├── file_collector.py
│   ├── syslog_collector.py
│   └── windows_event_collector.py
│
├── parsers/
│   ├── auth_parser.py
│   ├── apache_parser.py
│   ├── firewall_parser.py
│   └── generic_parser.py
│
├── forwarders/
│   └── api_forwarder.py
│
├── utils/
│   ├── log_reader.py
│   └── regex_patterns.py
│
└── main.py
```
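As an added illustration (not code from the LogSentinel repository), here is a minimal version of what an auth-log parser and a brute-force detector could do together: parse OpenSSH failed-login lines into normalised events and raise one alert per source IP that crosses a failure threshold inside a sliding time window. The regex, function names, thresholds and the sample log lines are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches OpenSSH "Failed password" lines in syslog format (as found in /var/log/auth.log).
AUTH_FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_auth_line(line, year=2024):
    """Normalise one failed-login line into an event dict; return None for non-matching lines."""
    m = AUTH_FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"timestamp": ts, "host": m["host"], "user": m["user"], "source_ip": m["ip"]}

def detect_brute_force(events, threshold=5, window_seconds=60):
    """Emit one alert per source IP with >= threshold failures inside any window_seconds span."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["timestamp"]):
        by_ip[e["source_ip"]].append(e["timestamp"])
    alerts = []
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):  # sliding window over this IP's sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"type": "BRUTE_FORCE", "severity": "HIGH", "source_ip": ip,
                               "count": end - start + 1, "last_seen": times[end].isoformat()})
                break  # one alert per source IP is enough for the dashboard
    return alerts

# Constructed sample: 203.0.113.7 fails five times in ten seconds, 198.51.100.4 fails once.
SAMPLE_AUTH_LOG = """\
Mar 12 10:00:01 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 12 10:00:03 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 12 10:00:05 web01 sshd[2311]: Accepted password for deploy from 198.51.100.4 port 40112 ssh2
Mar 12 10:00:06 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 12 10:00:09 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 12 10:00:11 web01 sshd[2311]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 12 10:03:40 web01 sshd[2311]: Failed password for deploy from 198.51.100.4 port 40120 ssh2
"""

def run_sample():
    """Parse the sample log and return the alerts a backend alert service could receive."""
    events = [e for e in map(parse_auth_line, SAMPLE_AUTH_LOG.splitlines()) if e]
    return detect_brute_force(events)
```

The "Accepted password" line is deliberately left unmatched so the parser only emits events for failures, and the lone failure from the second address stays below the threshold.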
## Attack simulator (Python)

Generates fake attack logs for testing the SIEM.

```text
attack-simulator/
│
├── attacks/
│   ├── brute_force.py
│   ├── sql_injection.py
│   ├── xss.py
│   ├── port_scan.py
│   └── suspicious_traffic.py
│
├── utils/
│   ├── sender.py
│   └── faker_utils.py
│
└── main.py
```
## Getting started

Clone the repository:

```bash
git clone https://github.com/asharxh/logsentinel
cd LogSentinel
```

### Backend

```bash
cd backend
./mvnw spring-boot:run
```

Backend runs on: http://localhost:8080

### Frontend

```bash
cd frontend
npm install
npm run dev
```

Frontend runs on: http://localhost:5173

### Parser service

```bash
cd python/parser-service
python -m venv venv
source venv/bin/activate
```

Install dependencies:

```bash
pip install -r requirements.txt
```

Run parser:

```bash
python main.py
```

### Attack simulator

```bash
cd python/attack-simulator
python -m venv venv
source venv/bin/activate
```

Install dependencies:

```bash
pip install -r requirements.txt
```

Run simulator:

```bash
python main.py
```

## Author

- Ashar Arif
- https://www.linkedin.com/in/ashararif