# loggen

Synthetic log generator for SIEM and IR exercises. Reproducible, deterministic, supports arbitrary scales from MB to TB. Profiles for Windows, Linux, network, and EDR-like telemetry.
## Install

```shell
pip install -e .
```
## Quick start

```python
from loggen import LogGen, Session

gen = LogGen(seed=42)

# Stream 1 000 mixed entries
for entry in gen.stream(["windows", "linux", "edr"], count=1000):
    print(entry.asdict())

# Write 1 GB of mixed logs (gzip)
gen.write("corpus.jsonl.gz", ["windows", "linux", "network", "edr"], size="1GB")

# Run a built-in attack scenario
gen.write("attack.jsonl", [], scenario="lateral_movement", count=50)

# In-memory list
entries = gen.to_list(["network"], count=200)
```
## Custom data pools

By default loggen ships with a built-in set of hostnames, users, and IPs. You can replace any of them with your own data.
### Inline lists

```python
from loggen import Session, LogGen

session = Session(
    seed=42,
    hosts=["prod-web-01", "prod-db-01", "prod-cache-01"],
    users=["alice", "bob", "charlie"],
)
gen = LogGen(session=session)
```
### From a file

```python
from loggen import Session, LogGen, WordList

session = Session(
    seed=42,
    hosts=WordList.from_file("wordlists/hosts.txt"),
    users=WordList.from_file("wordlists/users.json"),
    internal_ips=WordList.from_file("wordlists/ips.csv", column=0),
)
gen = LogGen(session=session)
```
### From a JSON config file

```python
from loggen import Session, LogGen

session = Session.from_config("config/loggen.json")
gen = LogGen(session=session)
```

See WIKI.md for the config file format and all supported options.
### From an environment variable

```python
from loggen import WordList

hosts = WordList.from_env("LOGGEN_HOSTS")  # comma-separated
users = WordList.from_env("LOGGEN_USERS", fallback=["admin"])
```
## CLI

```shell
# 10 000 mixed entries to stdout (JSON Lines)
python -m loggen generate -p windows -p linux -n 10000

# 500 MB of network logs, gzip, reproducible
python -m loggen generate -p network --size 500MB --seed 42 -o network.jsonl.gz

# Brute-force scenario in CEF format
python -m loggen generate --scenario brute_force -f cef -o brute.cef

# Custom profile weights
python -m loggen generate -p windows -p edr --weight windows:4 --weight edr:1 -n 50000 -o out.jsonl

# List available options
python -m loggen list-profiles
python -m loggen list-scenarios
python -m loggen list-formats
```
## Profiles

| Profile | Covers |
|---|---|
| windows | Security events 4624/4625/4688/4672/4698/7045/5140/4104 … |
| linux | sshd auth, sudo, cron, systemd, auditd, PAM, kernel |
| network | Firewall allow/deny, DNS, HTTP proxy, DHCP |
| edr | Process/file/network/registry/module events with hashes |
## Scenarios

| Scenario | Description |
|---|---|
| brute_force | Repeated logon failures → success |
| lateral_movement | Recon → SMB share access → remote execution |
| priv_esc | Service install → SYSTEM shell → 4672 |
| data_exfil | Archive creation → large outbound transfers → DNS tunnelling |
| persistence | Registry run key + scheduled task + binary drop |
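The point of a synthetic scenario corpus is to have known-positive data for a detection rule. The following is an added example, not part of loggen: a minimal detector for the `brute_force` shape (repeated 4625 failures followed by a 4624 success for the same account and source) run over a constructed JSON Lines sample. The record fields (`timestamp`, `host`, `source`, `event_id`, `target_user`, `src_ip`) are an assumed flat layout, not loggen's documented schema; map them to the real field names before pointing this at loggen output.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample events (not loggen output). The field names below are an
# assumption about a flat JSON Lines record; adapt them to the real schema.
_T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)


def _evt(offset_s, event_id, user, src_ip, host="prod-web-01"):
    """Build one Windows-style logon record offset_s seconds after _T0."""
    return {
        "timestamp": (_T0 + timedelta(seconds=offset_s)).isoformat(),
        "host": host,
        "source": "windows",
        "event_id": event_id,
        "target_user": user,
        "src_ip": src_ip,
    }


SAMPLE_EVENTS = (
    # alice: five 4625 failures in 15 s, then a 4624 success -> the brute_force shape
    [_evt(i * 3, 4625, "alice", "10.0.0.5") for i in range(5)]
    + [_evt(20, 4624, "alice", "10.0.0.5")]
    # bob: two typos then success -> ordinary user behaviour, below threshold
    + [_evt(30, 4625, "bob", "10.0.0.9"), _evt(40, 4625, "bob", "10.0.0.9"),
       _evt(50, 4624, "bob", "10.0.0.9")]
    # carol: a lone failure with no success
    + [_evt(900, 4625, "carol", "10.0.0.7")]
)
SAMPLE_JSONL = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS) + "\n"


def parse_jsonl(text):
    """Yield one dict per non-empty JSON Lines record."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def detect_brute_force(entries, threshold=5, window=timedelta(minutes=10)):
    """Alert when a 4624 follows >= threshold 4625s for the same (user, src_ip) within window."""
    failures = defaultdict(deque)  # (target_user, src_ip) -> timestamps of recent 4625s
    alerts = []
    for e in sorted(entries, key=lambda rec: rec["timestamp"]):
        if e.get("source") != "windows":
            continue
        key = (e["target_user"], e["src_ip"])
        ts = datetime.fromisoformat(e["timestamp"])
        recent = failures[key]
        # drop failures that have fallen out of the sliding window
        while recent and ts - recent[0] > window:
            recent.popleft()
        if e["event_id"] == 4625:
            recent.append(ts)
        elif e["event_id"] == 4624:
            if len(recent) >= threshold:
                alerts.append({
                    "target_user": key[0],
                    "src_ip": key[1],
                    "failures": len(recent),
                    "success_at": e["timestamp"],
                })
            recent.clear()  # a success resets the counter either way
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_jsonl(SAMPLE_JSONL)):
        print(json.dumps(alert))
```

Keying on the (account, source) pair rather than the account alone keeps a distributed spray from hiding inside one user's legitimate logons; the threshold and window are tuning knobs, and a generated corpus with a known number of injected scenarios is exactly what lets you measure their false-positive and false-negative rates before deployment.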
## Output formats

| Format | Description |
|---|---|
| jsonl | JSON Lines / NDJSON (default) |
| cef | ArcSight CEF:0 |
| syslog | RFC 5424 syslog |
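To show what the `cef` and `syslog` formats look like on the wire, and where their escaping rules bite, here is an added example (not loggen's own formatter) that renders one constructed entry as an ArcSight CEF:0 line and as an RFC 5424 line. The entry layout, the vendor/product strings, the CEF-to-syslog severity buckets and the structured-data parameter names are all assumptions made for this example; `32473` is the enterprise number IANA reserves for documentation.

```python
# Constructed entry (not loggen output); the field layout is assumed.
ENTRY = {
    "timestamp": "2024-01-01T09:00:20+00:00",
    "host": "prod-web-01",
    "event_id": 4624,
    "name": "An account was successfully logged on",
    "severity": 3,                 # CEF severity scale 0-10
    "target_user": "alice",
    "src_ip": "10.0.0.5",
    "msg": "logon type=3 | RDP",   # contains '=' and '|' on purpose
}


def _cef_header(value):
    """CEF header fields must escape backslash and the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(value):
    """CEF extension values must escape backslash, '=' and line breaks (pipes are fine here)."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(entry, vendor="loggen", product="synthetic", version="0.1.0"):
    """Render as CEF:0. Vendor/product strings are placeholders chosen for this example."""
    header = "|".join(_cef_header(v) for v in (
        "CEF:0", vendor, product, version,
        entry["event_id"], entry["name"], entry["severity"]))
    ext = {
        "dvchost": entry["host"],
        "duser": entry["target_user"],
        "src": entry["src_ip"],
        "msg": entry["msg"],
    }
    return header + "|" + " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())


def _sd_param(value):
    """RFC 5424 PARAM-VALUE escapes '"', backslash and ']'."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def syslog_severity(cef_severity):
    """Map CEF 0-10 (higher = worse) onto syslog 0-7 (lower = worse); the buckets are an assumption."""
    s = int(cef_severity)
    if s >= 9:
        return 2   # critical
    if s >= 7:
        return 3   # error
    if s >= 4:
        return 4   # warning
    return 6       # informational


def to_syslog(entry, facility=4, app="loggen", enterprise_id="32473"):
    """Render as an RFC 5424 line. Facility 4 = security/auth; 32473 is the documentation enterprise number."""
    pri = facility * 8 + syslog_severity(entry["severity"])
    user = _sd_param(entry["target_user"])
    src = _sd_param(entry["src_ip"])
    structured = f'[{app}@{enterprise_id} user="{user}" src="{src}"]'
    # HEADER is PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID; '-' is the nil PROCID
    return (f"<{pri}>1 {entry['timestamp']} {entry['host']} {app} - "
            f"{entry['event_id']} {structured} {entry['msg']}")


if __name__ == "__main__":
    print(to_cef(ENTRY))
    print(to_syslog(ENTRY))
```

The escaping is the part worth checking when you validate a collector against generated data: a `=` inside a CEF extension value or a `]` inside a syslog SD-PARAM that is not escaped will silently truncate or mis-parse the event on the receiving side, which is a gap a SIEM exercise should surface rather than hide.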
See WIKI.md for full API reference.
## File details

Details for the file loggen_lg-0.1.0.tar.gz.

File metadata

- Download URL: loggen_lg-0.1.0.tar.gz
- Size: 25.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | e66dde1ce9ea02fe1f940836926ae1b0b4aab032c1ef4d8ac8884cc75aa09566 |
| MD5 | e879158d342970f6df86854fa0619fdf |
| BLAKE2b-256 | c08e596b001598acd9d5fdbf30710cd290e4e297e482d15edd870cf6b0667bd6 |
## File details

Details for the file loggen_lg-0.1.0-py3-none-any.whl.

File metadata

- Download URL: loggen_lg-0.1.0-py3-none-any.whl
- Size: 31.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | c186b7bf8de9f774732a597fbb89f61bf5109fe8121feab9172a6c8595660410 |
| MD5 | 9fe63be6514f454e02e01f61aa83c5c3 |
| BLAKE2b-256 | e5686fe56d4c771848aa77883cfe437e474b1afec641d68086f61812dc8188ed |
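Neither artifact was uploaded via Trusted Publishing, so the listed digests are what you have to check a download against before installing. The following is an added example, not part of loggen: it computes the three digests shown above for a file, compares the SHA256 against the values listed on this page for the two 0.1.0 artifacts (MD5 is listed but is collision-prone and is not used for the decision), and emits a requirements line for pip's `--require-hashes` mode. The project name `loggen-lg` is inferred from the artifact filenames.

```python
import hashlib
import hmac
import io
from pathlib import Path

# SHA256 digests exactly as listed on this page for the 0.1.0 release files.
EXPECTED_SHA256 = {
    "loggen_lg-0.1.0.tar.gz":
        "e66dde1ce9ea02fe1f940836926ae1b0b4aab032c1ef4d8ac8884cc75aa09566",
    "loggen_lg-0.1.0-py3-none-any.whl":
        "c186b7bf8de9f774732a597fbb89f61bf5109fe8121feab9172a6c8595660410",
}


def digests_stream(stream, chunk_size=1 << 20):
    """Compute the three digests the page lists, reading the stream in chunks."""
    hashes = {
        "sha256": hashlib.sha256(),
        "md5": hashlib.md5(),
        "blake2b_256": hashlib.blake2b(digest_size=32),
    }
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digests_bytes(data):
    """Digests of an in-memory byte string (used for the constructed test input)."""
    return digests_stream(io.BytesIO(data))


def digests_file(path):
    """Digests of a file on disk."""
    with open(path, "rb") as fh:
        return digests_stream(fh)


def verify_bytes(filename, data, expected=EXPECTED_SHA256):
    """True only if filename is a known artifact and data's SHA256 matches its listed digest."""
    want = expected.get(filename)
    if want is None:
        return False
    return hmac.compare_digest(digests_bytes(data)["sha256"], want.lower())


def verify_download(path, expected=EXPECTED_SHA256):
    """Same check for a downloaded file, keyed on its basename."""
    path = Path(path)
    want = expected.get(path.name)
    if want is None:
        return False
    return hmac.compare_digest(digests_file(path)["sha256"], want.lower())


def requirements_line(expected=EXPECTED_SHA256, requirement="loggen-lg==0.1.0"):
    """A requirements.txt line pinning every listed artifact for `pip install --require-hashes`."""
    return requirement + " " + " ".join(
        f"--hash=sha256:{digest}" for digest in expected.values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "OK" if verify_download(p) else "MISMATCH")
    print(requirements_line())
```

Writing the output of `requirements_line()` into a requirements file and installing with `pip install --require-hashes -r requirements.txt` makes pip refuse any artifact whose digest differs from the one recorded here, which pins the dependency to exactly the bytes reviewed rather than to a version number that a later upload could reuse.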