LogPatrol is a fast, dependency-free Python script that scans system log files for suspicious or critical command usage like reboot, shutdown, systemctl, or any custom-defined commands, even in compressed logs!

Ideal for DevOps, sysadmins, and incident responders who need quick visibility into system-level actions across logs.
- Find dangerous or suspicious commands like `reboot`, `rm`, or `systemctl`
- Scans plain and compressed logs (`.log`, `.gz`, `.bz2`), even extensionless logs like `/var/log/syslog`
- No external dependencies: only the Python standard library
- Includes the source filename and timestamp for every match
- Exports to clean CSV you can open in Excel for filtering/sorting
- Fast and optimized: skips files without matches
- Customizable: define your own command list in `commands.txt`
1. Place a list of commands (one per line) in a `commands.txt` file (optional).
2. Run the script: `python3 logpatrol.py`
3. Choose a log directory (default: `/var/log`).
4. Review the results in a neatly structured CSV file like `hostname_20250702-1420_ParsedLines.csv`:

| date | command | file | logs |
|---|---|---|---|
| 2025-07-01 04:12:30 | reboot | /var/log/syslog | system reboot initiated by root |
| Jul 1 02:01:05 | systemctl | /var/log/messages | systemctl restart nginx.service |
Note: Matched time patterns include YYYY-MM-DD HH:MM:SS or common syslog formats.
Define your own suspicious or tracked commands by creating a `commands.txt` file next to the script, one command per line:

```text
reboot
shutdown
systemctl
iptables
rm -rf
...
```
If no file is found, LogPatrol will use a default list of critical commands.
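As an added example (this is not LogPatrol's own source, which is not shown on this page), the following self-contained Python script implements the workflow described above: it loads `commands.txt` or falls back to a default list, opens plain, `.gz`, and `.bz2` logs with only the standard library, matches whole commands (so `rm` does not fire on `alarm`, but `/bin/rm -rf` still counts), extracts either a `YYYY-MM-DD HH:MM:SS` or a syslog-style timestamp, skips files with no matches, and writes the `date, command, file, logs` CSV shown in the table. The default command list, the regexes, the `demo()` helper, and its sample log lines are all assumptions constructed for the example.

```python
"""Added example, not LogPatrol's own code: a minimal scanner in the shape
the README describes (command list -> plain/compressed logs -> CSV)."""
import bz2
import csv
import gzip
import re
import tempfile
from pathlib import Path

# Assumed default list, used only when no commands.txt is found.
DEFAULT_COMMANDS = ["reboot", "shutdown", "systemctl", "iptables", "rm -rf"]

# Timestamp shapes named in the README: "YYYY-MM-DD HH:MM:SS" and the
# classic syslog prefix "Mon  D HH:MM:SS".
TIMESTAMP_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"
    r"|[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})"
)


def load_commands(path):
    """Read one command per line (blank lines and '#' comments ignored);
    fall back to DEFAULT_COMMANDS when the file does not exist."""
    p = Path(path)
    if not p.is_file():
        return list(DEFAULT_COMMANDS)
    cmds = [ln.strip() for ln in p.read_text(encoding="utf-8").splitlines()]
    return [c for c in cmds if c and not c.startswith("#")] or list(DEFAULT_COMMANDS)


def build_matcher(commands):
    """One compiled regex for all commands. Longest alternatives go first so
    'rm -rf' wins over 'rm'; the lookarounds stop 'rm' from matching 'alarm'
    but still allow a path prefix such as /bin/rm."""
    alts = sorted(commands, key=len, reverse=True)
    body = "|".join(re.escape(c) for c in alts)
    return re.compile(r"(?<![\w-])(" + body + r")(?![\w-])")


def open_log(path):
    """Open a log as text whatever its compression, decided by suffix;
    extensionless files such as /var/log/syslog are treated as plain text."""
    p = Path(path)
    if p.suffix == ".gz":
        return gzip.open(str(p), "rt", encoding="utf-8", errors="replace")
    if p.suffix == ".bz2":
        return bz2.open(str(p), "rt", encoding="utf-8", errors="replace")
    return open(p, "r", encoding="utf-8", errors="replace")


def scan_file(path, matcher):
    """Yield (date, command, file, line) for each matching line; a file with
    no matches simply yields nothing, so it never reaches the CSV."""
    with open_log(path) as fh:
        for line in fh:
            line = line.rstrip("\r\n")
            hit = matcher.search(line)
            if hit is None:
                continue
            ts = TIMESTAMP_RE.search(line)
            yield (ts.group(1) if ts else "", hit.group(1), str(path), line)


def scan_directory(log_dir, commands):
    """Walk log_dir recursively and collect every match as a CSV row."""
    matcher = build_matcher(commands)
    rows = []
    for p in sorted(Path(log_dir).rglob("*")):
        if p.is_file():
            rows.extend(scan_file(p, matcher))
    return rows


def write_csv(rows, out_path):
    """Write the rows with the same header the README's table shows."""
    with open(out_path, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(["date", "command", "file", "logs"])
        writer.writerows(rows)
    return len(rows)


def demo():
    """Build a constructed log tree (plain, .gz, .bz2) in a temp dir, scan it
    with the default list and write ParsedLines.csv beside it."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "syslog").write_text(
        "2025-07-01 04:12:30 host systemd[1]: system reboot initiated by root\n"
        "2025-07-01 04:13:00 host cron[22]: alarm clock checked\n",  # no hit: 'alarm' is not 'rm'
        encoding="utf-8",
    )
    with gzip.open(str(tmp / "auth.log.1.gz"), "wt", encoding="utf-8") as fh:
        fh.write("Jul  1 02:01:05 host sudo: admin : COMMAND=/bin/systemctl restart nginx.service\n")
    with bz2.open(str(tmp / "old.log.bz2"), "wt", encoding="utf-8") as fh:
        fh.write("Jul  1 02:05:40 host sudo: admin : COMMAND=/bin/rm -rf /tmp/build\n")
    rows = scan_directory(tmp, load_commands(tmp / "commands.txt"))
    write_csv(rows, tmp / "ParsedLines.csv")
    return rows


if __name__ == "__main__":
    for date, command, path, _ in demo():
        print(f"{date:>19}  {command:<10} {path}")
```

Running the script prints one line per match from the constructed logs (a `systemctl` hit from the `.gz` file, an `rm -rf` hit from the `.bz2` file, and a `reboot` hit from the plain `syslog`) and leaves a `ParsedLines.csv` in the temporary directory. Point `scan_directory` at `/var/log` and `load_commands` at a real `commands.txt` to use it on a host; the word-boundary lookarounds are the part worth keeping, since a naive substring search produces a flood of false positives on common short names like `rm`.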
Typical use cases:

- Security audits: find unauthorized reboots or shutdowns
- Debugging: trace command-triggered issues
- Compliance: record actions for reporting and accountability
- Forensics: triage after incidents

Requirements:

- Python 3.x
- No third-party modules required

Highlights:

- Faster than grepping multiple files manually
- Works with compressed logs
- Clean Excel-ready output
- Fully portable: works anywhere Python does
MIT License © 2025