Logatory

First PyPI release of Logatory — a local-first log analysis tool.

Logatory reads logs from files, stdin or OpenSearch, redacts PII directly after parsing, detects threats with a rule engine, tracks recurring errors, flags statistical anomalies, and explains findings with a local or cloud LLM — through a CLI, a web dashboard and a REST API. No log data leaves the machine by default.

This is an early alpha release. The 0.x line is functional and tested (577 tests, CI on Linux/Windows/macOS, Python 3.11/3.12), but rule formats and APIs may still change.

Install

pip install logatory          # core
pip install 'logatory[web]'   # + web dashboard

Requires Python 3.11+.

Highlights

• Format auto-detection — syslog, Nginx, JSON Lines, Windows EVTX, plaintext
• PII redaction right after parsing — deterministic pseudonymisation, nothing downstream sees raw PII
• Rule engine — native YAML rules plus Sigma rule import
• Error tracking — fingerprint-based deduplication; LLM explanations include the full stack trace
• Anomaly detection — statistical Z-score baseline
• LLM layer — Ollama (local) by default; optional Claude / OpenAI-compatible providers
• Web dashboard (FastAPI + HTMX) with a sortable Top Rules panel, plus a Bearer-authenticated REST API
• Plugin system for custom rules and PII patterns
• Pipe Docker logs straight in — no aggregation stack required: docker compose logs | logatory scan -

Licensed under Apache-2.0.