A comprehensive web application for analyzing Nginx access logs with AI-powered security insights, designed for Security Operations Center (SOC) analysts and DevOps teams.
Check out the video demo here: https://youtu.be/WKlLB26EXNE
- Nginx Access Log Parsing: Automatic parsing of standard Nginx access log format
- Real-time Metrics: Total requests, error rates, unique IPs, peak hours
- Interactive Dashboard: Visual charts and tables for log exploration
- Raw Logs Table: Color-coded log entries with security highlighting
- Threat Detection: AI analysis using Google Gemini for security threats
- Anomaly Detection: Automatic identification of suspicious patterns
- Security Scoring: Confidence-based threat assessment
- Detailed Insights: Recommendations and affected log entries
- JWT Authentication: Secure token-based authentication
- User Management: Registration and login system
- File Deduplication: SHA256-based file hash checking
- CORS Protection: Secure cross-origin resource sharing
- Timeline Charts: Request patterns over time
- Metrics Cards: Key performance indicators
- Status Code Highlighting: Color-coded HTTP status codes
- Responsive Design: Works on desktop and mobile
```
LogAnalyzer/
├── my-app-backend/        # FastAPI Backend
│   ├── api.py             # Main API endpoints
│   ├── models.py          # Database models
│   ├── ai.py              # AI analysis logic
│   ├── db.py              # Database configuration
│   └── requirements.txt   # Python dependencies
├── soc-dashboard/         # Next.js Frontend
│   ├── app/               # Next.js app router
│   ├── components/        # React components
│   ├── lib/               # Utilities and API client
│   └── package.json       # Node.js dependencies
├── docker-compose.yml     # Container orchestration
├── init.sql               # Database initialization
└── setup.sh               # Automated setup script
```
- FastAPI: Modern Python web framework
- PostgreSQL: Primary database with JSONB support
- SQLAlchemy: ORM for database operations
- Google Gemini AI: AI-powered log analysis
- JWT: Authentication and authorization
- Next.js 14: React framework with App Router
- TypeScript: Type-safe development
- Tailwind CSS: Utility-first styling
- Radix UI: Accessible component primitives
- Recharts: Data visualization
- Docker: Containerization
- Docker Compose: Multi-container orchestration
- PostgreSQL: Database container
- Docker (v20.10+)
- Docker Compose (v2.0+)
- Git
- Google Gemini API Key (for AI features)
LogAnalyzer leverages Google's Gemini AI to provide intelligent analysis of Nginx access logs, transforming raw log data into actionable security insights.
```mermaid
graph TD
    A[Upload Nginx Logs] --> B[Parse Log Entries]
    B --> C[Extract Features]
    C --> D[Send to Gemini AI]
    D --> E[AI Analysis]
    E --> F[Generate Insights]
    F --> G[Store Results]
    G --> H[Display in Dashboard]
```
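The "Parse Log Entries" and "Extract Features" steps, sketched as an added example (not the project's own `api.py` or `ai.py` code). It assumes the Nginx `combined` log format, returns fields named after the `log_entries` columns, and assumes "error" means a status of 400 or higher; `parse_line`, `extract_features` and the sample lines are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Nginx "combined" format. The request is captured whole because scanners and
# TLS probes often send something that is not "METHOD URI PROTOCOL".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"'
)

def parse_line(line):
    """Return a dict keyed like the log_entries columns, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    parts = m["request"].split(" ")
    # A malformed request keeps method None and the raw text in uri.
    method, uri = (parts[0], parts[1]) if len(parts) == 3 else (None, m["request"])
    return {"timestamp": ts, "ip": m["ip"], "method": method, "uri": uri,
            "status": int(m["status"]),
            "bytes": 0 if m["bytes"] == "-" else int(m["bytes"]),
            "user_agent": m["user_agent"], "referer": m["referer"]}

def extract_features(lines):
    """Compute dashboard-style metrics; error = status >= 400 (assumption)."""
    entries = [e for e in map(parse_line, lines) if e]
    hours = Counter(e["timestamp"].hour for e in entries)
    errors = sum(e["status"] >= 400 for e in entries)
    return {
        "total_requests": len(entries),
        "rejected_lines": len(lines) - len(entries),
        "error_rate": errors / len(entries) if entries else 0.0,
        "unique_ips": len({e["ip"] for e in entries}),
        "peak_hour": hours.most_common(1)[0][0] if hours else None,
    }

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    r'203.0.113.7 - - [12/Mar/2024:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    r'203.0.113.7 - - [12/Mar/2024:14:05:40 +0000] "POST /login HTTP/1.1" 401 128 "-" "Mozilla/5.0"',
    r'198.51.100.23 - - [12/Mar/2024:14:09:02 +0000] "\x16\x03\x01\x02\x00" 400 157 "-" "-"',
    r'198.51.100.23 - - [12/Mar/2024:15:00:00 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/8.4.0"',
    "not an access log line",
]
```

Counting `rejected_lines` separately keeps unparseable input visible instead of silently shrinking the totals that later analysis relies on.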
```bash
git clone https://github.com/venkatnikhilm/log_analyzer.git LogAnalyzer
cd LogAnalyzer
```

```bash
chmod +x setup.sh
./setup.sh
```

```bash
# Edit .env file
nano .env
# Update with your Gemini API key
GEMINI_API_KEY=your_actual_api_key_here
```

- Frontend: http://localhost:3000
- Backend API: http://localhost:8000
- API Documentation: http://localhost:8000/docs
Create a .env file in the root directory:
```env
# Database Configuration
DATABASE_URL=postgresql+asyncpg://appuser:secretpassword@localhost:5432/loganalyzer
# JWT Configuration
JWT_SECRET=your_super_secret_jwt_key_change_this_in_production
ACCESS_TOKEN_EXPIRE_MINUTES=60
REFRESH_TOKEN_EXPIRE_DAYS=7
# Google Gemini AI Configuration
GEMINI_API_KEY=your_gemini_api_key_here
# Frontend Configuration
NEXT_PUBLIC_API_URL=http://localhost:8000
```

```bash
# Start all services
docker-compose up -d
# View logs
docker-compose logs -f
# Stop services
docker-compose down
```

```bash
# Start specific service
docker-compose up -d backend
docker-compose up -d frontend
docker-compose up -d db
# Rebuild specific service
docker-compose up --build frontend
# View service logs
docker-compose logs frontend
docker-compose logs backend
```

- Navigate to http://localhost:3000
- Register a new account or login with existing credentials
- Access the dashboard after successful authentication
- Click "Upload Log" button in the dashboard
- Select your Nginx access log file
- Wait for automatic parsing and processing
- View parsed logs in the dashboard
- Select an uploaded file from the dropdown
- Click "AI Insights" to run security analysis
- Review threat findings and recommendations
- Explore raw logs and metrics
- Metrics Cards: Overview of key statistics
- Timeline Chart: Request patterns over time
- Raw Logs Table: Detailed log entries with highlighting
- AI Insights Panel: Security analysis results
- Change Default Secrets: Update JWT_SECRET and database passwords
- Use HTTPS: Configure SSL/TLS certificates
- Environment Variables: Store sensitive data in environment variables
- Database Security: Use strong passwords and network isolation
- API Key Management: Rotate Gemini API keys regularly
- JWT tokens with configurable expiration
- CORS protection for cross-origin requests
- Input validation and sanitization
- Rate limiting (recommended for production)
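A pre-deployment check for the "Change Default Secrets" and "Use HTTPS" items above, as an added example that is not part of the project. It audits the `.env` keys shown on this page; `parse_env`, `audit_env`, the placeholder list and the 32-character minimum (a 256-bit HMAC key) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Fragments of the sample values shown in this page's .env template.
PLACEHOLDERS = ("change_this", "your_", "secretpassword", "_here")

def is_placeholder(value):
    """True for a missing value or one that still contains template text."""
    return not value or any(p in value for p in PLACEHOLDERS)

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit_env(env):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    secret = env.get("JWT_SECRET", "")
    if is_placeholder(secret):
        findings.append("JWT_SECRET is unset or a placeholder")
    elif len(secret) < 32:  # assumption: at least a 256-bit HMAC key
        findings.append("JWT_SECRET is shorter than 32 characters")
    if is_placeholder(urlsplit(env.get("DATABASE_URL", "")).password):
        findings.append("DATABASE_URL has no password or the sample one")
    if is_placeholder(env.get("GEMINI_API_KEY")):
        findings.append("GEMINI_API_KEY is unset or a placeholder")
    api = urlsplit(env.get("NEXT_PUBLIC_API_URL", ""))
    if api.scheme == "http" and api.hostname not in ("localhost", "127.0.0.1"):
        findings.append("NEXT_PUBLIC_API_URL is plain HTTP on a non-local host")
    return findings

# The template values from this page, used as constructed input.
TEMPLATE_ENV = """\
# Database Configuration
DATABASE_URL=postgresql+asyncpg://appuser:secretpassword@localhost:5432/loganalyzer
JWT_SECRET=your_super_secret_jwt_key_change_this_in_production
GEMINI_API_KEY=your_gemini_api_key_here
NEXT_PUBLIC_API_URL=http://localhost:8000
"""
```

Running `audit_env(parse_env(open(".env").read()))` before starting the containers and refusing to start on any finding keeps the template values out of a production deployment.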
```sql
CREATE TABLE users (
    id SERIAL PRIMARY KEY,
    username VARCHAR(50) UNIQUE NOT NULL,
    email VARCHAR(255) UNIQUE NOT NULL,
    password_hash VARCHAR(255) NOT NULL,
    salt VARCHAR(32) NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now()
);
```

```sql
CREATE TABLE files (
    file_hash VARCHAR(255) PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),
    file_name TEXT NOT NULL,
    file_size BIGINT NOT NULL,
    uploaded_at TIMESTAMP WITH TIME ZONE DEFAULT now()
);
```

```sql
CREATE TABLE log_entries (
    id SERIAL PRIMARY KEY,
    file_hash VARCHAR(255) NOT NULL REFERENCES files(file_hash),
    timestamp TIMESTAMP WITH TIME ZONE NOT NULL,
    ip TEXT,
    method TEXT,
    uri TEXT,
    status INTEGER,
    bytes BIGINT,
    user_agent TEXT,
    referer TEXT
);
```

```sql
CREATE TABLE ai_insights (
    id SERIAL PRIMARY KEY,
    file_hash VARCHAR(255) UNIQUE NOT NULL REFERENCES files(file_hash),
    insights JSONB NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT now()
);
```

```bash
# Backend Development
cd my-app-backend
pip install -r requirements.txt
uvicorn api:app --reload --host 0.0.0.0 --port 8000
# Frontend Development
cd soc-dashboard
npm install
npm run dev
```

```bash
# Connect to PostgreSQL
docker-compose exec db psql -U appuser -d loganalyzer
```

```sql
-- View tables
\dt
-- Sample queries
SELECT COUNT(*) FROM log_entries;
SELECT * FROM ai_insights LIMIT 5;
```

- POST /register - User registration
- POST /login - User authentication
- GET /health - Health check
- POST /upload - Upload log file
- GET /files - List uploaded files
- POST /logs - Get parsed logs for a file
- POST /analyse - Run AI analysis on log file
1. Docker Build Fails

```bash
# Clean Docker cache
docker system prune -a
docker-compose up --build
```

2. Database Connection Issues

```bash
# Check database status
docker-compose ps db
docker-compose logs db
# Restart database
docker-compose restart db
```

3. Frontend Not Loading

```bash
# Check frontend logs
docker-compose logs frontend
# Rebuild frontend
docker-compose up --build frontend
```

4. AI Analysis Not Working

- Verify Gemini API key in `.env` file
- Check API quota and limits
- Review backend logs for errors

- Application Logs: `docker-compose logs -f`
- Database Logs: `docker-compose logs db`
- Backend Logs: `docker-compose logs backend`
- Frontend Logs: `docker-compose logs frontend`
Happy Log Analysis!