Privacy-first log management. Open Source.
☁️ Try Cloud (Free Alpha) • Self-Host • SDKs • Docs
⚠️ ALPHA RELEASE: LogWard is currently in active Alpha. The Cloud version is 100% FREE for early adopters. We are looking for feedback to improve stability!
LogWard is an open-source alternative to Datadog, Splunk, and ELK. Designed for developers and European SMBs who need GDPR compliance, data ownership, and simplicity without the complexity of managing an ElasticSearch cluster.
- 🇪🇺 GDPR Friendly: Keep data on your servers or use our EU-based cloud.
- ⚡ Lightweight: Built on TimescaleDB & Fastify (low RAM usage compared to Java stacks).
- Developer Experience: 5-minute setup with Docker. Native SDKs.
- 💰 Cost Effective: Self-host for free.
Choose how you want to use LogWard.
We host it for you. Perfect for testing and small projects. Currently Free.
- Sign up: Go to logward.dev.
- Create Project: Create an organization and a project.
- Get API Key: Copy your project-scoped API Key.
- Send a Log:
  ```bash
  curl -X POST https://api.logward.dev/api/v1/ingest \
    -H "X-API-Key: YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{ "logs": [{ "service": "test", "level": "info", "message": "Hello Cloud!" }] }'
  ```
Total control over your data. No build required - uses pre-built images from Docker Hub.
Prerequisites: Docker & Docker Compose.
- Download configuration

  ```bash
  mkdir logward && cd logward
  curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/docker-compose.yml
  curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/.env.example
  mv .env.example .env
  ```

- Edit `.env` with secure passwords

  ```bash
  nano .env
  ```

  Required variables:

  ```bash
  DB_PASSWORD=your_secure_db_password
  REDIS_PASSWORD=your_secure_redis_password
  API_KEY_SECRET=your_32_character_secret_key_here
  ```

- Start the stack

  ```bash
  docker compose up -d
  ```

- Access LogWard

  - Frontend: http://localhost:3000
  - API: http://localhost:8080
  - First Time? Click "Sign up" to create your account

  Note: Database migrations run automatically on first start.
- (Optional) Enable Docker log collection with Fluent Bit
  ```bash
  # Download Fluent Bit configuration files
  curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/fluent-bit.conf
  curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/parsers.conf
  curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/extract_container_id.lua
  curl -O https://raw.githubusercontent.com/logward-dev/logward/main/docker/wrap_logs.lua

  # Set your LogWard API key in .env
  echo "FLUENT_BIT_API_KEY=your_api_key_here" >> .env

  # Start with logging profile
  docker compose --profile logging up -d
  ```
Docker Images: Docker Hub | GitHub Container Registry
Production: Pin versions with `LOGWARD_BACKEND_IMAGE=logward/backend:0.3.1` in your `.env` file.
Horizontal Scaling: For scaling multiple backend instances, see deployment docs.
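For the `.env` step of the Docker Compose setup above, a check that the three required secrets are no longer template values, plus a generator for replacements. This is an added example, not part of LogWard; the minimum lengths, the placeholder patterns and the function names are assumptions of the example.

```python
import re
import secrets

# Variable names are from the page; the minimum lengths are assumptions of this example.
REQUIRED = {"DB_PASSWORD": 16, "REDIS_PASSWORD": 16, "API_KEY_SECRET": 32}
PLACEHOLDER = re.compile(r"^(your_|change_?me|password|secret|<)", re.IGNORECASE)

# Constructed input: the page's template values left unchanged.
TEMPLATE_ENV = """\
DB_PASSWORD=your_secure_db_password
REDIS_PASSWORD=your_secure_redis_password
API_KEY_SECRET=your_32_character_secret_key_here
"""

def parse_env(text):
    """Read KEY=VALUE lines, skipping blanks and comments; the last assignment is kept."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(text):
    """Return (variable, problem) pairs for the three required secrets."""
    env = parse_env(text)
    findings = []
    for name, min_len in REQUIRED.items():
        value = env.get(name, "")
        if not value:
            findings.append((name, "missing or empty"))
        elif PLACEHOLDER.match(value):
            findings.append((name, "placeholder value"))
        elif len(value) < min_len:
            findings.append((name, f"shorter than {min_len} characters"))
    values = [env[n] for n in REQUIRED if env.get(n)]
    if len(set(values)) != len(values):
        findings.append(("*", "one secret reused for several variables"))
    return findings

def generate_env():
    """Fresh values from the OS CSPRNG: 32 hex characters (128 bits) each."""
    return "".join(f"{name}={secrets.token_hex(16)}\n" for name in REQUIRED)
```

Keep `.env` readable only by the deploying user (`chmod 600 .env`) and out of version control.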
Deploy LogWard on any Kubernetes cluster with our official Helm chart.
Prerequisites: Kubernetes 1.25+, Helm 3.10+
- Add the Helm repository

  ```bash
  helm repo add logward https://logward-dev.github.io/logward-helm-chart
  helm repo update
  ```

- Install LogWard

  ```bash
  helm install logward logward/logward \
    --namespace logward \
    --create-namespace \
    --set timescaledb.auth.password=<your-db-password> \
    --set redis.auth.password=<your-redis-password>
  ```

- Access LogWard

  ```bash
  kubectl port-forward svc/logward-frontend 3000:3000 -n logward
  ```

  Open http://localhost:3000
Includes: Backend (2+ replicas), Frontend, Worker, TimescaleDB, Redis, HPA, Ingress support, Prometheus monitoring.
Helm Chart: Artifact Hub | GitHub | Full Docs
We have ready-to-use SDKs for the most popular languages.
| Language | Status | Package / Link |
|---|---|---|
| Node.js | ✅ Ready | @logward-dev/sdk-node |
| Python | ✅ Ready | logward-sdk |
| Go | ✅ Ready | logward-sdk-go |
| PHP | ✅ Ready | logward-dev/sdk-php |
| Kotlin | ✅ Ready | logward-sdk-kotlin |
| C# / .NET | ✅ Ready | LogWard.SDK |
| Docker | ✅ Ready | Use Fluent Bit / Syslog driver |
| HTTP | ✅ Ready | API Reference |
| OpenTelemetry | ✅ Ready | OTLP endpoint (logs + traces) |

- ✅ High-Performance Ingestion: Batch API handling thousands of logs/sec.
- ✅ Real-time Live Tail: See logs as they arrive via Server-Sent Events (SSE).
- ✅ Powerful Search: Filter by service, level, time range, and full-text search.
- ✅ Multi-Organization: Isolate teams and projects strictly.
- ✅ Alerting: Get notified via Email or Webhook (Slack/Discord) on error spikes.
- ✅ Retention Policy: Automatic cleanup of old logs via TimescaleDB.
- ✅ Sigma Rules Detection: Built-in engine to run security detection rules (YAML) against your logs for threat detection.
- ✅ SIEM Dashboard: Security dashboard with incident management, MITRE ATT&CK mapping, and PDF report export. (New in 0.3.0)
- ✅ OpenTelemetry Support: Native OTLP ingestion for logs and traces (protobuf + JSON).
- ✅ Distributed Tracing: Trace viewer with span timeline, service dependencies graph, and trace-to-logs correlation.
LogWard goes beyond simple monitoring by transforming your logs into a security advantage. We support Sigma Rules, the industry-standard format for describing log signatures.
- Threat Detection: Automatically detect suspicious activities (e.g., SSH brute force, clearing of history, web shells).
- Standard Format: Write rules in standard YAML or import existing ones from the Sigma community.
- Real-time Matching: Rules are evaluated against incoming logs in real-time.
Example Rule (Detecting History Clear):
```yaml
title: Clear Command History
status: stable
logsource:
  product: linux
detection:
  selection:
    command:
      - 'history -c'
      - 'cat /dev/null > ~/.bash_history'
  condition: selection
level: high
```

LogWard now includes a full-featured Security Information and Event Management (SIEM) dashboard, turning your log platform into a lightweight security operations center.
- Summary Stats: Total detections, open incidents, critical alerts at a glance
- Top Threats Chart: Sigma rules ranked by detection count
- Detection Timeline: Time-series visualization of security events
- Affected Services: Quick view of which services triggered detections
- Severity Distribution: Pie chart breakdown (Critical/High/Medium/Low)
- MITRE ATT&CK Heatmap: Visualize detected techniques across the ATT&CK matrix
- Incident Workflow: Track incidents through Open → Investigating → Resolved → False Positive
- Comments & Collaboration: Add notes and discuss incidents with your team
- Activity Timeline: Full audit trail of all status changes and actions
- Detection Events: View matched fields and log context for each detection
- PDF Export: Generate incident reports for compliance and documentation
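The selection logic of the Clear Command History example rule above, worked through on constructed events: a list of values is an OR, comparison is case-insensitive, and the rule as written fires only when `command` equals one of the two strings exactly, which a `contains` variant relaxes. This is an added example in Python, not LogWard's detection engine; the flat event shape with a `command` key and the helper names are assumptions, and only single-selection conditions with the `contains`, `startswith` and `endswith` modifiers are handled.

```python
# The rule from the page, transcribed as a dict so no YAML parser is needed.
RULE = {
    "title": "Clear Command History",
    "detection": {
        "selection": {"command": ["history -c", "cat /dev/null > ~/.bash_history"]},
        "condition": "selection",
    },
}

# Constructed sample events; the flat shape with a `command` key is an assumption.
EVENTS = [
    {"service": "bastion", "command": "history -c"},
    {"service": "bastion", "command": "cat /dev/null > ~/.bash_history"},
    {"service": "bastion", "command": "history -c; logout"},
    {"service": "bastion", "command": "ls -la /var/log"},
    {"service": "api", "message": "GET /health 200"},
]

OPS = {  # an unsupported modifier raises KeyError in field_matches
    "": lambda have, want: have == want,
    "contains": lambda have, want: want in have,
    "startswith": lambda have, want: have.startswith(want),
    "endswith": lambda have, want: have.endswith(want),
}

def field_matches(event, key, wanted):
    """Match one `field|modifier` entry; a list of values means OR."""
    name, _, modifier = key.partition("|")
    if name not in event:
        return False
    have = str(event[name]).lower()  # Sigma compares strings case-insensitively
    values = wanted if isinstance(wanted, list) else [wanted]
    return any(OPS[modifier](have, str(v).lower()) for v in values)

def rule_matches(rule, event):
    """Condition must name one selection; fields inside a selection are ANDed."""
    detection = rule["detection"]
    selection = detection[detection["condition"]]
    return all(field_matches(event, k, v) for k, v in selection.items())

def with_modifier(rule, modifier):
    """Return a copy of the rule with every selection field using `modifier`."""
    detection = rule["detection"]
    name = detection["condition"]
    fields = {f"{k.partition('|')[0]}|{modifier}": v for k, v in detection[name].items()}
    return {**rule, "detection": {**detection, name: fields}}

def detect(rule, events):
    return [i for i, event in enumerate(events) if rule_matches(rule, event)]
```

On the sample events the rule as written fires on the first two only; the `contains` variant also fires on the third, at the cost of matching any command line that embeds those strings.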
We use modern, type-safe tools to ensure performance and maintainability.
| Layer | Technology |
|---|---|
| Frontend | SvelteKit 5 (Runes) + TailwindCSS + shadcn-svelte |
| Backend | Fastify + TypeScript + Kysely ORM |
| Database | PostgreSQL 16 + TimescaleDB (Time-series optimization) |
| Queue | Redis 7 + BullMQ |
| Deployment | Docker + Docker Compose |
Distributed under the GNU AGPLv3 License. See LICENSE for more information.
- Free for Internal Use: You can use LogWard internally for free.
- Open Source: The code is available for audit and contribution.
- Commercial Protection: If you offer LogWard as a SaaS (Service) to others, you must release your source code or purchase a Commercial License.