chainsaw
lnav
chainsaw | lnav | |
---|---|---|
14 | 77 | |
2,554 | 6,727 | |
1.8% | - | |
8.3 | 9.6 | |
20 days ago | 5 days ago | |
Rust | C++ | |
GNU General Public License v3.0 only | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
chainsaw
-
Angle-grinder: Slice and dice logs on the command line
There’s already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw
- Agent event queue is flooded. Check the agent configuration
- What's your favorite cybersecurity tool?
-
Tools for "static" log analysis
https://github.com/WithSecureLabs/chainsaw if you're just looking for bad stuff.
- Chainsaw v2.0 Release - Hunt and Search Through Windows Event Logs
- Chainsaw v2.0.0 - Rapidly Search and Hunt through Windows Event Logs
- Chainsaw 2.0: Allows users to rapidly search through Windows event logs and hunt for threats using Sigma detection rules.
-
EvtxHussar 1.0
Differences between this and Chainsaw? Chainsaw
- IR log Collection/Parsing Recommendations
-
AMA : I’m a cybersecurity engineer at Microsoft .
Use Chainsaw for event logs https://github.com/countercept/chainsaw
lnav
- Lnav: A log file viewer for the terminal
-
Angle-grinder: Slice and dice logs on the command line
See https://lnav.org for a powerful mini-ETL CLI power tool; it embeds SQLite, supports ~every format, has great UX and easily handles a few million rows at a time.
- FLaNK Stack 26 February 2024
- LNAV – The Logfile Navigator
-
Toolong: Terminal application to view, tail, merge, and search log files
The code base seems like a good reference as a small Python project.
My fav option in this class of apps: https://lnav.org/ It lets you use journalctl with pipes as requested here: https://github.com/Textualize/toolong/issues/4
-
Logdy.dev – web based logs viewer UI for local development environment
For local development, I cannot recommend lnav[1] enough. Discovering this tool was a game changer in my day to day life. Adding comments, filtering in/out, prettify and analyse distribution is hard to live without now.
I don't think a browser tool would fit in my workflow. I need to pipe the output to the tool.
[1] https://lnav.org/
- Textanalysistool.net
- Ask HN: What apps have you created for your own use?
-
Ask HN: How does `lnav` run its playground which you can just SSH into?
It looks like they run an SSH server inside a Docker container defined by this Dockerfile [1]. This uses the ForceCommand directive in the sshd_config file to ensure that a specific command is run when a user connects (rather than the user connecting directly to a shell).
Depending on whether the user connects as the `playground` or `tutorial1` user they interact with a bash script that is either [2] or [3].
[1]: https://github.com/tstack/lnav/blob/master/demo/Dockerfile
[2]: https://github.com/tstack/lnav/blob/master/docs/tutorials/pl...
[3]: https://github.com/tstack/lnav/blob/master/docs/tutorials/tu...
What are some alternatives?
EvtxHussar - Initial triage of Windows Event logs
lightproxy - 💎 Cross platform Web debugging proxy
hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
dive - A tool for exploring each layer in a docker image
zff-rs - Library to handle the files in zff format (file format to store and handle forensic acquisitions).
glow - Render markdown on the CLI, with pizzazz! 💅🏻
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
GoAccess - GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
conio-for-linux - Conio.h for linux
Purpleteam - Purpleteam scripts simulation & Detection - trigger events for SOC detections
nnn - n³ The unorthodox terminal file manager