About Loglumen
Inspiration
Imagine you manage 10, 50, or 100 computers. How do you know if:
- Someone tried to hack into one of them?
- A critical service crashed?
- Unauthorized software was installed?
- A system is experiencing kernel panics?
Instead of manually checking logs on each machine, Loglumen automatically collects important security events from all your Linux and Windows systems and displays them in one user-friendly web front-end.
How It Works
Step 1: Agent Collects Logs (Python)
On each monitored machine, a daemonized Python agent runs that:
- Reads system log files (Windows Event Logs or Linux syslogs)
- Filters for important security events (logins, crashes, privilege changes, etc.)
- Converts events to a standardized JSON format
- Sends the JSON to the central server
Step 2: Server Aggregates & Displays (Rust)
The central server:
- Receives JSON events from all agents
- Stores the events in a database
- Analyzes which machines have issues
- Displays everything in a web dashboard
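The two steps above as one added example, not Loglumen's own code: a Python sketch of the agent parsing classic BSD-syslog lines, keeping only the security-relevant ones and normalising them to JSON, followed by the server half, which in the project is Rust but is sketched here in Python so the whole pipeline runs in one file. The sample log lines are constructed, and the event names, severity levels, JSON field names and the failed-login threshold are this example's assumptions, not the project's schema.

```python
import json
import re
from collections import Counter

# Constructed sample syslog/auth.log lines (documentation addresses, no real hosts).
SAMPLE_SYSLOG = """\
Mar  3 10:15:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:15:07 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:09 web01 sshd[1203]: Accepted publickey for deploy from 198.51.100.12 port 40022 ssh2
Mar  3 10:16:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:16:30 db01 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:17:02 db01 kernel: [ 1234.567890] Kernel panic - not syncing: Fatal exception
Mar  3 10:18:00 app02 sshd[900]: Accepted publickey for deploy from 198.51.100.12 port 40100 ssh2
"""

# Classic BSD syslog layout: "Mon DD HH:MM:SS host proc[pid]: message"
SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                       r"(?P<proc>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# Filter rules: (event_type, severity, emitting process, pattern on the message part).
# Event names, severities and field names are this example's own, not the project's schema.
RULES = [
    ("auth_failure", "high", "sshd", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)")),
    ("auth_success", "info", "sshd", re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src_ip>\S+)")),
    ("privilege_change", "medium", "sudo", re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)$")),
    ("kernel_panic", "critical", "kernel", re.compile(r"Kernel panic")),
]
SEVERITIES = ("info", "medium", "high", "critical")
AUTH_FAILURE_THRESHOLD = 3  # assumed: this many failures from one source flags the host

def classify(rec, raw):
    """Map a parsed line onto the first matching rule; None means routine noise, dropped."""
    for event_type, severity, proc, pattern in RULES:
        m = pattern.search(rec["msg"]) if rec["proc"] == proc else None
        if m:
            return {"host": rec["host"], "timestamp": rec["ts"], "source": "syslog", "process": proc,
                    "pid": rec["pid"], "event_type": event_type, "severity": severity,
                    "fields": m.groupdict(), "raw": raw}
    return None

def agent_collect(log_text):
    """Agent (Step 1): raw log text -> security-relevant events in the common format."""
    events = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not syslog-shaped (e.g. a continuation line): skip it
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"]) if rec["pid"] else None
        ev = classify(rec, line)
        if ev:
            events.append(ev)
    return events

def agent_serialize(events):
    """One JSON object per line (NDJSON): the payload the agent would send to the server."""
    return "".join(json.dumps(ev, separators=(",", ":"), sort_keys=True) + "\n" for ev in events)

def server_ingest(payload, store):
    """Server (Step 2): decode the payload into the store (a list standing in for the database)."""
    accepted = 0
    for line in payload.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: drop it instead of poisoning the store
        if isinstance(ev, dict) and "host" in ev and "event_type" in ev and ev.get("severity") in SEVERITIES:
            store.append(ev)
            accepted += 1
    return accepted

def server_summarize(store):
    """Server (Step 2): per-host view for the dashboard, with a needs_attention flag."""
    summary = {}
    for ev in store:
        h = summary.setdefault(ev["host"], {"counts": Counter(), "failures_by_src": Counter(), "issues": []})
        h["counts"][ev["severity"]] += 1
        if ev["event_type"] == "auth_failure":
            h["failures_by_src"][ev["fields"]["src_ip"]] += 1
        elif ev["event_type"] == "kernel_panic":
            h["issues"].append("kernel panic")
    for h in summary.values():
        for src, n in h["failures_by_src"].items():
            if n >= AUTH_FAILURE_THRESHOLD:
                h["issues"].append(f"{n} failed SSH logins from {src}")
        h["max_severity"] = max(h["counts"], key=SEVERITIES.index)
        h["needs_attention"] = bool(h["issues"])
        h["counts"], h["failures_by_src"] = dict(h["counts"]), dict(h["failures_by_src"])
    return summary

def run_pipeline(log_text=SAMPLE_SYSLOG):
    """Agent -> JSON payload -> server, end to end; returns the dashboard summary."""
    store = []
    server_ingest(agent_serialize(agent_collect(log_text)), store)
    return server_summarize(store)

if __name__ == "__main__":
    print(json.dumps(run_pipeline(), indent=2))
```

Running the file prints a per-host summary: web01 is flagged for three failed SSH logins from one source, db01 for the kernel panic, and app02 (one successful login) is left alone. The cron line never leaves the agent, which is the point of filtering at the edge. The network hop and the database write are left out so the example stays self-contained; the server side also discards lines that are not valid JSON or lack the expected keys, so one bad agent cannot corrupt the store.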
How It Differs from Other SIEMs
- Simple by design, so it is easy to modify, update, and use
- User-friendly front-end for easy data digestion
- Cross-platform agent program for monitoring Windows and Linux machines
- Rust front-end for high performance
What We Learned
As many of us were new to developing entirely, we learned a great deal about how development in a team context works, as well as how to use GitHub. We were forced to do a lot of our work in the terminal, which also taught us a fair number of CLI commands that we didn't know before. Most importantly, we learned much about how logs are collected on both Linux and Windows.
AI Disclosure
Various large language models (LLMs) were used to assist with programming and documentation. The idea for and structure of this SIEM application was entirely human-made, and AI served only to make our vision a reality given time constraints.