FastLogScan

FastLogScan is a cross-platform log analysis tool written in Go. It automatically detects the operating system, collects system logs, classifies them by severity and action type, and serves a modern embedded web dashboard for exploration, filtering, and export.

Features

• Zero-config execution: run the binary and the dashboard opens automatically in your default browser
• OS auto-detection: supports Windows, Linux, and macOS with dedicated log collectors
• Smart log classification:
  • Severity levels: Informational, Low, Medium, High
  • Action types: Authentication, Connection, Boot/Init, Disk/Storage, Security, Error/Failure, Update/Install, Hardware, Application, General
  • Entity extraction: identifies the process or source that generated the log (e.g., sshd, systemd, EventLog/System)
• Noise filter: hide routine informational logs (success, started, completed, etc.) with one click
• Interactive dashboards:
  • Severity distribution doughnut chart (click to filter)
  • Category bar chart (click to filter)
  • Animated severity counters (click to filter)
• Log Explorer: dedicated full-table view with advanced filters (severity, action, entity) and full-text search
• Multilingual UI: switch between English and Italian via flag selector in the top-right corner
• JSON export: export the currently filtered logs to a JSON file
• Single binary: the entire application, including the web UI, is compiled into one executable thanks to Go embed

Architecture

FastLogScan/
├── main.go                           # Entry point, orchestrates detection, collection, server
├── internal/
│   ├── models/models.go              # Shared data structures (LogEntry, Severity, OSInfo, DashboardData)
│   ├── osdetector/osdetector.go      # OS detection (name, version, architecture)
│   ├── analyzer/analyzer.go          # Log parsing, timestamp extraction, severity scoring, entity/action detection
│   ├── logcollector/
│   │   ├── collector.go              # Collector interface and factory
│   │   ├── windows.go                # Windows collector (wevtutil for Event Log + text log files)
│   │   └── linux.go                  # Linux collector (/var/log/*, journalctl optional)
│   └── server/
│       ├── server.go                 # HTTP server with REST API and embedded static files
│       └── static/                   # Dashboard SPA (HTML, CSS, JS)
│           ├── index.html
│           ├── style.css
│           └── app.js

How it works

1. OS Detection: at startup, osdetector identifies the host OS using runtime.GOOS and system commands (ver, uname, /etc/os-release).
2. Log Collection: logcollector selects the appropriate collector:
   • Windows: runs wevtutil to query System, Application, and Setup Event Logs, plus scans common .log directories.
   • Linux: reads /var/log/syslog, messages, auth.log, kern.log, dmesg, dpkg.log, and other .log files.
3. Analysis: each log line is analyzed to:
   • Extract the timestamp using regex for common formats
   • Detect severity by keyword matching (error, warning, critical, fatal, etc.)
   • Detect the Entity (process/source name)
   • Detect the Action category (Authentication, Connection, Boot, etc.)
4. Dashboard: an embedded HTTP server starts on a free local port and automatically opens the browser. The SPA fetches data via /api/data and renders charts, tables, and filters.
5. Navigation: clicking on charts or severity cards navigates to the Log Explorer with the corresponding filter pre-applied via URL hash parameters.

Requirements

• Go 1.22 or newer
• On Windows: wevtutil is available by default on modern Windows versions
• On Linux: read access to /var/log/ (some files may require root)

Build

Build for the current OS

go build -o FastLogScan .

Build for Windows (cross-compile from Linux/macOS)

GOOS=windows GOARCH=amd64 go build -o FastLogScan.exe .

Build for Linux (cross-compile from Windows/macOS)

GOOS=linux GOARCH=amd64 go build -o FastLogScan .

Build for macOS

GOOS=darwin GOARCH=amd64 go build -o FastLogScan .

Usage

Simply run the compiled binary. No command-line arguments are required.

# Linux / macOS
./FastLogScan

# Windows
FastLogScan.exe

The application will:

1. Detect the operating system
2. Collect system logs
3. Start the local web dashboard
4. Open your default browser automatically

To exit, press CTRL+C in the terminal.

API Endpoints

The embedded server exposes the following REST endpoints:

• GET /api/data - full dashboard payload (OS info, severity counts, all logs, categories, sources)
• GET /api/logs - raw array of all logs
• GET /api/filter?q=...&severity=...&category=...&source=... - server-side filtered logs
• GET /api/noise - logs with routine noise entries removed

Notes

• On Windows, reading the Security Event Log may require Administrator privileges. The collector silently skips channels it cannot access.
• If no system logs are found, the application loads a small set of sample logs so the dashboard remains functional for demonstration.
• The UI language defaults to English and can be switched to Italian at any time using the flag buttons in the top-right corner. The preference is saved in localStorage.
• All static assets (HTML, CSS, JS) are embedded into the binary using //go:embed, so the executable is completely self-contained.

License

MIT