- Overview
- Quick Start
- Installation
- Building from Source
- Configuration
- Usage Guide
- Docker Deployment
- Development
- CI/CD
- Troubleshooting
LogWhisperer is an AI-powered log analysis and monitoring tool that uses local LLMs (via Ollama) to provide intelligent insights from your system logs. It supports real-time monitoring with Discord alerts, one-time summarization, and multiple log sources.
- 🤖 AI-Powered Analysis: Uses Ollama for local LLM processing
- 📊 Multiple Log Sources: Supports journalctl, files, and Docker containers
- 🚨 Real-time Alerts: Discord webhook integration with configurable mentions
- 🔍 Smart Summarization: Intelligent log pattern detection and analysis
- 🐳 Docker Ready: Full containerization support
- 🛡️ Production Ready: Rate limiting, deduplication, and error handling
```bash
# Download the latest release
wget https://github.com/yourusername/logwhisperer/releases/latest/download/logwhisperer_v1.0.0_linux_x86_64.zip
# Extract
unzip logwhisperer_v1.0.0_linux_x86_64.zip
# Install
sudo ./install.sh
# Run a test
logwhisperer test
# Summarize recent errors
logwhisperer summarize --source journalctl --priority err
```

```bash
# Using docker-compose (recommended)
docker-compose up -d
# Or using docker directly
docker run -d \
  --name logwhisperer \
  -v $(pwd)/config.yaml:/etc/logwhisperer/config.yaml \
  -e DISCORD_WEBHOOK_URL="your-webhook-url" \
  ghcr.io/yourusername/logwhisperer:latest
```

- OS: Linux (Ubuntu/Debian/RHEL/Arch), macOS
- Python: 3.8+ (for development)
- RAM: 4GB minimum (8GB recommended)
- Disk: 2GB for models + logs
```bash
# Clone the repository
git clone https://github.com/yourusername/logwhisperer.git
cd logwhisperer
# Run installer
sudo ./install.sh
# With options
sudo ./install.sh --model llama2 --with-service
```

```bash
# Install Ollama
curl -fsSL https://ollama.com/install.sh | sh
# Pull default model
ollama pull mistral
# Copy files
sudo mkdir -p /opt/logwhisperer /etc/logwhisperer
sudo cp logwhisperer /opt/logwhisperer/
sudo cp config.yaml /etc/logwhisperer/
sudo chmod +x /opt/logwhisperer/logwhisperer
# Create symlink
sudo ln -s /opt/logwhisperer/logwhisperer /usr/local/bin/logwhisperer
```

```bash
# Clone repository
git clone https://github.com/yourusername/logwhisperer.git
cd logwhisperer
# Install dependencies
pip install -r requirements.txt
# Run from source
python logwhisperer.py --help
```

- Python 3.8+
- Git
- GCC/G++ compiler
- UPX (optional, for compression)
```bash
# Clone the repository
git clone https://github.com/yourusername/logwhisperer.git
cd logwhisperer
# Install development dependencies
pip install -r requirements-dev.txt
# Run tests
pytest
# Run from source
python logwhisperer.py summarize --source journalctl
```

```bash
# Run the build script
./build.sh
# With options
./build.sh --debug # Debug build
./build.sh --skip-tests # Skip tests
./build.sh --no-compress # No UPX compression
./build.sh --sign --gpg-key KEY # Sign release
# Output will be in dist/
ls -la dist/
# logwhisperer_v1.0.0_linux_x86_64.zip
# logwhisperer_v1.0.0_linux_x86_64.tar.gz
# logwhisperer_v1.0.0_linux_x86_64.zip.sha256
```

```bash
# Tag a release to trigger CI/CD
git tag v1.0.0
git push origin v1.0.0
# CI/CD will:
# 1. Run tests on multiple platforms
# 2. Build binaries for Linux/macOS (Intel/ARM)
# 3. Create Docker images
# 4. Generate release with artifacts
```

Edit /etc/logwhisperer/config.yaml:
```yaml
# Model settings
model: mistral # LLM model to use
ollama_host: http://localhost:11434
# Log source
source: journalctl # journalctl, file, or docker
log_file_path: /var/log/syslog # For file source
docker_container: myapp # For docker source
# Monitoring settings
monitor:
  enabled: true
  webhook_url: https://discord.com/api/webhooks/YOUR_WEBHOOK
  escalation_level: ERROR # Minimum level for alerts
# Discord mentions (optional)
discord_mentions:
  ERROR:
    - "123456789012345678" # User ID
  CRITICAL:
    - "123456789012345678" # User ID
    - "&456789012345678901" # Role ID (prefix with &)
```

```bash
export LOGWHISPERER_CONFIG=/path/to/config.yaml
export DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...
export OLLAMA_HOST=http://remote-ollama:11434
```

```bash
# Run diagnostics
logwhisperer test
```

```bash
# Summarize recent errors from journalctl
logwhisperer summarize --source journalctl --priority err
# Summarize a log file
logwhisperer summarize --source file --logfile /var/log/nginx/error.log
# Summarize Docker container logs
logwhisperer summarize --source docker --container myapp
# With custom settings: number of log entries, a different model,
# and a timeout in seconds
logwhisperer summarize \
  --entries 1000 \
  --model llama2 \
  --timeout 120
```

```bash
# Start monitoring (PRO feature)
logwhisperer monitor
# Monitor specific source
logwhisperer monitor --source file --file /var/log/app.log
# With webhook override
logwhisperer monitor --webhook https://discord.com/api/webhooks/...
```

```bash
# Continuously summarize logs every 60 seconds
logwhisperer summarize --follow --interval 60
```

In config.yaml:
```yaml
prompt: |
  You are a security analyst. Analyze these logs for security issues:
  {{LOGS}}
  Focus on:
  1. Authentication failures
  2. Suspicious patterns
  3. Potential breaches
```

```bash
# List available models
logwhisperer summarize --list-models
# Use specific model
logwhisperer summarize --model codellama
```

```bash
# Create .env file
cat > .env << EOF
DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...
OLLAMA_MODEL=mistral
LOG_LEVEL=INFO
EOF
# Start with docker-compose
docker-compose up -d
# View logs
docker-compose logs -f
# Stop
docker-compose down
```

```bash
docker-compose up -d
```

```bash
# Run with separate Ollama container
docker-compose --profile external-ollama up -d
```

```bash
# Mount source code for development
docker-compose --profile development up
```

```bash
# Build image
docker build -t logwhisperer:latest .
# Run with host log access
docker run -d \
  --name logwhisperer \
  -v /var/log:/host/logs:ro \
  -v $(pwd)/config.yaml:/etc/logwhisperer/config.yaml \
  -e DISCORD_WEBHOOK_URL="$DISCORD_WEBHOOK_URL" \
  logwhisperer:latest monitor
```

```bash
# Clone repository
git clone https://github.com/yourusername/logwhisperer.git
cd logwhisperer
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install development dependencies
pip install -r requirements-dev.txt
# Install pre-commit hooks
pre-commit install
```

```bash
# Run all tests
pytest
# With coverage
pytest --cov=. --cov-report=html
# Specific test file
pytest tests/test_monitor.py
# Watch mode
ptw # pytest-watch
```

```bash
# Format code
black .
isort .
# Lint
flake8 .
mypy .
# Security scan
bandit -r .
```

- Create a feature branch:
  ```bash
  git checkout -b feature/your-feature
  ```
- Make changes and test:
  ```bash
  pytest
  black .
  ```
- Commit with conventional commits:
  ```bash
  git commit -m "feat: add new feature"
  git commit -m "fix: resolve issue #123"
  ```
- Push and create PR:
  ```bash
  git push origin feature/your-feature
  ```
The CI/CD pipeline automatically:
- Runs tests on multiple Python versions
- Builds binaries for Linux and macOS
- Creates Docker images
- Publishes releases
- Push to main: Runs tests
- Pull Request: Runs tests and builds
- Tag push (v*): Full release pipeline
```bash
# Via GitHub UI: Actions -> Build & Release -> Run workflow
# Via GitHub CLI
gh workflow run build-release.yml -f build_type=debug
```

- Update version:
  ```python
  # In logwhisperer.py
  __version__ = "1.1.0"
  ```
- Commit and tag:
  ```bash
  git add .
  git commit -m "chore: bump version to 1.1.0"
  git tag v1.1.0
  git push origin main v1.1.0
  ```
- CI/CD will create:
  - GitHub Release with binaries
  - Docker images on Docker Hub and GHCR
  - Updated documentation
```bash
# Check if Ollama is running
curl http://localhost:11434/api/tags
# Start Ollama
ollama serve
# Check logs
journalctl -u ollama -f
```

```bash
# List models
ollama list
# Pull model
ollama pull mistral
```

```bash
# Fix permissions
sudo chown -R $USER:$USER /opt/logwhisperer
sudo chmod +x /opt/logwhisperer/logwhisperer
```

```bash
# Test webhook
curl -H "Content-Type: application/json" \
  -d '{"content":"Test message"}' \
  YOUR_WEBHOOK_URL
```

```bash
# Run with verbose logging
LOG_LEVEL=DEBUG logwhisperer monitor
# Check logs
tail -f /var/log/logwhisperer/logwhisperer.log
```

- Check logs: `/var/log/logwhisperer/`
- Run diagnostics: `logwhisperer test`
- Enable debug logging
- Check GitHub Issues
- Join Discord Community
```yaml
# Reduce model size for faster processing
model: phi # Smaller model
# Adjust timeout for slow systems
timeout: 300
```

```yaml
monitor:
  batch_size: 100 # Smaller batches
  batch_timeout: 60 # Longer timeout
```

```yaml
monitor:
  rate_limit_window: 300 # 5 minutes
  rate_limit_max_alerts: 5 # Max 5 alerts per window
```

- Webhook Security: Keep webhook URLs private
- Log Access: Use read-only mounts
- Container Security: Run as non-root user
- Model Security: Use trusted models only
- Network Security: Use HTTPS for Ollama if remote
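
The webhook, log-access and network items above can be checked mechanically before deployment. The following Python check is an added example, not LogWhisperer's own code: `audit_config`, its arguments and its finding strings are hypothetical, and it takes the already-parsed `config.yaml` as a dict so it needs no YAML library.

```python
import ipaddress
import stat
from urllib.parse import urlparse


def _is_local(host):
    """True when host is localhost or a loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as remote


def audit_config(cfg, file_mode=None, mounts=()):
    """Return findings for a parsed config.yaml (dict); file_mode is the file's
    st_mode, mounts are docker -v strings such as "/var/log:/host/logs:ro"."""
    findings = []
    # Network Security: plain HTTP is acceptable only to a local Ollama.
    ollama = urlparse(cfg.get("ollama_host", ""))
    if ollama.hostname and ollama.scheme != "https" and not _is_local(ollama.hostname):
        findings.append("ollama_host: remote host without HTTPS")
    # Webhook Security: a webhook URL in the file makes the file a secret.
    webhook = (cfg.get("monitor") or {}).get("webhook_url", "")
    if webhook and urlparse(webhook).scheme != "https":
        findings.append("webhook_url: not HTTPS")
    if webhook and file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("webhook_url: config file readable by group/other")
    # Log Access: host log directories should be mounted read-only.
    for mount in mounts:
        parts = mount.split(":")
        options = parts[2].split(",") if len(parts) > 2 else []
        if parts[0].startswith("/var/log") and "ro" not in options:
            findings.append(f"mount {parts[0]}: not read-only")
    return findings


# Constructed sample: the page's remote OLLAMA_HOST value, a 0644 config
# file, and a log mount with the ":ro" suffix left off.
SAMPLE = {
    "ollama_host": "http://remote-ollama:11434",
    "monitor": {"webhook_url": "https://discord.com/api/webhooks/YOUR_WEBHOOK"},
}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, 0o100644, ["/var/log:/host/logs"]):
        print("FINDING:", finding)
```

In a real run, pass `os.stat(path).st_mode` for the config file and the `-v` arguments taken from the `docker run` command or compose file.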
LogWhisperer is released under the MIT License. See LICENSE file for details.
Contributions are welcome! Please read CONTRIBUTING.md for guidelines.
- 📧 Email: support@logwhisperer.example.com
- 💬 Discord: Join our community
- 🐛 Issues: GitHub Issues
- 📖 Wiki: GitHub Wiki