WebSentinel
Log analysis · IP monitoring · Reports
WebSentinel — Security monitoring for small teams

Log analysis and threat detection for growing websites

WebSentinel helps developers and site owners identify suspicious traffic, investigate patterns, and manage blocklists directly in the browser. Upload access logs or connect to the optional API — all analysis happens locally by default.

Focus on actionable insights: risky IPs, unusual endpoints, severity scoring, and exportable reports. No servers, no tracking.

Theme options
2
Dark / Light
Analysis views
5
Dashboards & reports
IP extraction
Auto
From common log fields
Capabilities

Unified log parser

Accepts JSON, NDJSON, nginx access logs, and plain text. Normalizes entries into a consistent format for IPs, status codes, endpoints, and severity.

Flagged IP management

Store suspicious IPs locally, adjust block/allow status, add notes, and correlate with log entries. Keep control of your data.

Upload and parse

Select a log file — the parser extracts IPs, timestamps, methods, and status codes. Processing stays in your browser.

Risk detection rules

Alerts based on status codes (4xx/5xx), suspicious paths, request patterns, and known attack indicators.

Geographic overview

Country distribution chart and threat levels, derived from log data and lightweight geo hints.

IP extraction logic

  • 1
    Field detection Checks fields like ip, client_ip, remote_addr, src_ip after key normalization.
  • 2
    Nginx / plaintext parsing For raw log lines, extracts the first token as the client IP address (standard combined/CLF format).
  • 3
    Fallback & geo guess If country information is missing, a lightweight prefix map provides approximate geo context for visualisation.

About the platform

WebSentinel is built for small businesses, freelancers, and internal tooling. No external dependencies required — all core analysis runs client‑side. The dashboard highlights high‑risk IPs, generates summary reports, and allows manual overrides for flagged addresses.

Key features

  • Log ingestion: JSON, NDJSON, nginx, and plain text.
  • Severity scoring: Low to critical based on behavior and status codes.
  • Flag & blocklist: Store IPs, add notes, change status.
  • Report generation: Export as JSON or standalone HTML.
  • Privacy by design: Data stays in your browser unless you choose to use the Cloudflare Worker API.

Quick start

  1. Go to Dashboard → click “Choose file” and upload an access log.
  2. Click “Upload & Analyze” — wait for parsing and alert generation.
  3. Check the Alerts and Flagged IPs sections, then export a report if needed.

Support & contact

For technical documentation and contribution guidelines, refer to the public repository. For business inquiries, use the contact form on the project homepage.

Upload log file

JSON, NDJSON, Nginx access log, or plain text. Parsed locally.

Total entries
0
Log records loaded
Active alerts
0
Open + investigating
Flagged requests
0
High + critical severity
Blocked IPs
0
IPs currently blocked
HTTP status distribution
Severity distribution
Recent alerts

No active alerts

Recent log entries

No logs loaded

Showing 0 of 0 logs
Timestamp IP address Method URL Status Country Severity Size (B)
Total requests
0
Unique countries
0
High threat sources
0
Top countries by volume
Threat level by country
Country breakdown
CountryCodeRequests% of totalThreat indexLast request
Executive security summary

Consolidated view for incident review and team sharing.

Risk index
0
Aggregate score
Suspicious IPs
0
Flagged or blocked
Auth anomalies
0
Suspicious login attempts
Recommended action
Review
Next step
Findings summary
Recommendations
Analyst notes

Add internal remarks, save them locally.

Report breakdown
CategoryDetails