brandonpellumbi/traceguard
TraceGuard

TraceGuard is a local-first security log analyzer. It parses web access logs, applies detection rules, scores suspicious activity, and turns noisy events into an incident-style report.

What It Demonstrates

  • Security-focused backend logic
  • Log parsing and event normalization
  • Detection rules for brute force, probing, scanner user agents, and error bursts
  • CLI and web UI surfaces
  • Standard-library Python implementation with tests

Run Locally

cd traceguard
./run.sh

That runs the tests, starts the local server, and prints the URL.

Manual commands:

python3 -m unittest discover -s tests
python3 server.py

The server prints the exact local URL and keeps running until you press Ctrl+C. It starts on http://127.0.0.1:4181, or the next open port if that one is busy.

CLI:

python3 -m traceguard.cli samples/access.log

Detection Coverage

  • Repeated 401 or 403 responses on login paths
  • Common probe targets such as .env, wp-admin, and phpmyadmin
  • Scanner-style user agents such as sqlmap, nikto, masscan, and nmap
  • High 404 rate from one IP
  • Suspicious HTTP methods
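The five rules above, plus the parse, normalize and score pipeline described at the top of the README, as one runnable example. This is an added illustration written for this page, not TraceGuard's own code: the combined-log regex, the login-path list, the per-rule weights and the thresholds (5 auth failures, 10 requests before a 404 rate is judged, 50% 404s) are assumptions chosen for the example, and the sample log is constructed from documentation IP ranges.

```python
import re
from collections import defaultdict

# Regex for the common/combined access log format. Assumption: TraceGuard's own
# parser is not shown on the page; this one is written for the example.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Rule inputs taken from the README's detection list; the login paths, weights
# and thresholds below are assumptions made for this example.
LOGIN_PATHS = ("/login", "/wp-login.php", "/admin/login")
PROBE_TARGETS = (".env", "wp-admin", "phpmyadmin")
SCANNER_UAS = ("sqlmap", "nikto", "masscan", "nmap")
SUSPICIOUS_METHODS = {"TRACE", "CONNECT", "PROPFIND"}
AUTH_FAIL_THRESHOLD = 5      # 401/403s on login paths before flagging brute force
NOT_FOUND_MIN_HITS = 10      # minimum requests before judging a 404 rate
NOT_FOUND_RATE = 0.5         # fraction of 404s that counts as an error burst

def parse_line(line):
    """Normalize one access-log line into an event dict; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["ua"] = (ev["ua"] or "").lower()
    return ev

def analyze(lines):
    """Apply the rules per client IP. Returns ({ip: {"score", "findings"}}, unparsed_count)."""
    by_ip, unparsed = defaultdict(list), 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1          # keep going: one bad line must not abort the run
            continue
        by_ip[ev["ip"]].append(ev)

    report = {}
    for ip, events in by_ip.items():
        findings, score = [], 0
        auth_fail = sum(1 for e in events
                        if e["status"] in (401, 403) and e["path"].startswith(LOGIN_PATHS))
        if auth_fail >= AUTH_FAIL_THRESHOLD:
            findings.append(f"brute force: {auth_fail} auth failures on login paths")
            score += 40
        probes = sorted({t for e in events for t in PROBE_TARGETS if t in e["path"]})
        if probes:
            findings.append("probing: " + ", ".join(probes))
            score += 10 * len(probes)
        scanners = sorted({s for e in events for s in SCANNER_UAS if s in e["ua"]})
        if scanners:
            findings.append("scanner user agent: " + ", ".join(scanners))
            score += 30
        not_found = sum(1 for e in events if e["status"] == 404)
        if len(events) >= NOT_FOUND_MIN_HITS and not_found / len(events) >= NOT_FOUND_RATE:
            findings.append(f"error burst: {not_found}/{len(events)} responses were 404")
            score += 20
        methods = sorted({e["method"] for e in events} & SUSPICIOUS_METHODS)
        if methods:
            findings.append("suspicious methods: " + ", ".join(methods))
            score += 15
        if findings:
            report[ip] = {"score": score, "findings": findings}
    return report, unparsed

def render(report, unparsed):
    """Incident-style text report, highest score first."""
    out = [f"{len(report)} suspicious client(s); {unparsed} unparsed line(s)"]
    for ip, r in sorted(report.items(), key=lambda kv: -kv[1]["score"]):
        out.append(f"[{r['score']:3d}] {ip}")
        out.extend(f"      - {f}" for f in r["findings"])
    return "\n".join(out)

# Constructed sample log (documentation IP ranges, one deliberately malformed line).
def _line(ip, method, path, status, ua="Mozilla/5.0"):
    return (f'{ip} - - [10/Oct/2024:13:55:36 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/login", 401)] * 6
    + [_line("198.51.100.9", "GET", p, 404, ua="sqlmap/1.7")
       for p in ("/.env", "/wp-admin/", "/phpmyadmin/", "/old/", "/backup/",
                 "/test/", "/admin/", "/api/v1/", "/static/x.js", "/robots.txt")]
    + [_line("192.0.2.1", "GET", "/", 200)] * 3
    + [_line("192.0.2.55", "TRACE", "/", 405)]
    + ["this line is not an access-log entry and must be skipped"]
)

if __name__ == "__main__":
    print(render(*analyze(SAMPLE_LOG)))
```

Two design points worth noting for anyone extending a tool like this: the 404-rate rule is gated on a minimum request count so that a single client with one missing favicon is not scored as an error burst, and unparsable lines are counted and skipped rather than raised, because a real log file almost always contains a few truncated or rotated-through lines and an analyzer that aborts on the first one is useless in an incident.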

Next Upgrade Ideas

  • Add YAML rule loading
  • Enrich IPs with GeoIP metadata
  • Stream logs from Nginx or Apache files
  • Save investigations to SQLite
  • Export incident reports as PDF

About

Local-first security log analyzer with detection rules and web UI
