webfortilog/README.md
2026-04-24 15:00:43 +02:00

# webfortilog
Flask-based web application that converts WAF log files into aligned text reports or CSV exports.
## Features
- Upload a UTF-8 log file where each line is a single record
- Parse shell-style `key=value` and `key="value with spaces"` tokens
- Support `vendor` mode with fixed columns and `full` mode with dynamic columns
- Filter by policy and severity with case-sensitive or case-insensitive partial matching
- Sort by combined datetime or severity ranking
- Preview results in the browser and download the generated file
- Run locally with Flask or in Docker with Gunicorn
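
The parsing and `full`-mode CSV export listed above, as an added example that is not webfortilog's own code. The field names, the severity ranking and the sample lines are assumptions. The quote prefix on formula-leading cells is also an addition made here, because WAF log fields carry request-supplied text that a spreadsheet may evaluate.

```python
import csv
import io
import shlex

# Assumed ranking; the README does not list the project's severity names.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}
FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")

def parse_line(line):
    """Return a dict for one record, or None if its quoting is unbalanced."""
    try:
        tokens = shlex.split(line, posix=True)  # key="a b" becomes one token
    except ValueError:
        return None
    record = {}
    for token in tokens:
        key, sep, value = token.partition("=")  # split on the first "=" only
        if sep and key:
            record[key] = value
    return record

def safe_cell(value):
    """Prefix a cell that a spreadsheet would otherwise evaluate as a formula."""
    return "'" + value if value.startswith(FORMULA_LEAD) else value

def to_csv(text, severity_key="severity_level"):
    parsed = [parse_line(l) for l in filter(str.strip, text.splitlines())]
    records = [r for r in parsed if r is not None]
    rejected = len(parsed) - len(records)
    # "full" mode: columns are the union of all keys, in first-seen order.
    columns = list(dict.fromkeys(k for r in records for k in r))
    records.sort(key=lambda r: SEVERITY_RANK.get(r.get(severity_key, "").lower(), 0), reverse=True)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(columns)
    for r in records:
        writer.writerow([safe_cell(r.get(c, "")) for c in columns])
    return out.getvalue(), rejected

# Constructed sample, not taken from a real export.
SAMPLE = "\n".join([
    'date=2026-04-20 time=10:14:57 policy="api gateway" severity_level=Low msg="=1+1" src=203.0.113.7',
    'date=2026-04-20 time=10:15:02 policy=shop-front severity_level=High msg="SQL injection" http_url="/item?id=1 OR 1=1"',
    'date=2026-04-20 time=10:16:30 policy=shop-front msg="unterminated',
])

if __name__ == "__main__":
    print(*to_csv(SAMPLE))
```

The third sample line has an unbalanced quote and is counted as rejected instead of aborting the whole conversion.
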
## Project structure
```text
app/
services/
templates/
tests/
Dockerfile
pyproject.toml
wsgi.py
```
## Local usage
### Requirements
- Python 3.12
### Install
```bash
python3.12 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
```
### Run
```bash
export FLASK_APP=wsgi.py
export MAX_UPLOAD_SIZE_MB=100
flask run --debug
```
Open `http://127.0.0.1:5000`.
### Example input file
If you have a local WAF export such as `attack_download.log`, you can use it as a real example upload.
- Example file: `attack_download.log`
- Approximate size in the current workspace: `98.5 MiB`
- The default `MAX_UPLOAD_SIZE_MB=100` setting is sized to accept a file of that size
### Test
```bash
pytest
```
## Docker usage
### Build
```bash
docker build -t webfortilog .
```
### Run
```bash
docker run --rm -p 8000:8000 -e MAX_UPLOAD_SIZE_MB=100 webfortilog
```
Open `http://127.0.0.1:8000`.
## Docker Compose usage
### Start the web app
```bash
docker compose up --build web
```
### Run the test suite in a container
```bash
docker compose run --rm test
```
## Example usage
### Browser upload
1. Start the app with `flask run --debug` or `docker compose up --build web`
2. Open the web UI
3. Upload `attack_download.log`
4. Try `vendor` mode with `text` output for a readable preview
5. Try `full` mode with `csv` output for complete export coverage
### Command-line upload example
```bash
curl -X POST http://127.0.0.1:5000/convert \
  -F "log_file=@attack_download.log" \
  -F "mode=vendor" \
  -F "output_format=text" \
  -F "sort_by=datetime" \
  -F "order=asc" \
  -F "policy_cs=" \
  -F "policy_ci=" \
  -F "severity_cs=" \
  -F "severity_ci="
```
## Notes
- Temporary output files are written to `instance/outputs`
- The application does not require a database
- Gunicorn is used as the production WSGI server
- Default upload limit is 100 MiB
- Set `MAX_UPLOAD_SIZE_MB` to configure the upload limit in megabytes
- `MAX_CONTENT_LENGTH` is also supported as a lower-level byte-based override