
TWSLA – TWSNMP’s Simple Log Analyzer

TWSLA is a command-line log analysis tool from the TWSNMP project. It’s built for administrators and operators who want to work directly with large log sets without deploying a heavier log management stack.

The program imports logs into a local searchable datastore, then provides interactive terminal-based tools for filtering, counting, extracting, and visualising data. It supports common operational workflows such as spotting rare events, examining time-based activity patterns, and analysing suspicious or delayed log entries.

This is free and open source software.

Key Features

  • Imports logs from files, directories, archives, SCP, SSH, email sources, and TWSNMP FC.
  • Provides interactive log searching with simple filters, regular expressions, exclusion filters, and time-range filtering.
  • Counts log events over time or by extracted fields, with support for JSON, GROK, word, and normalised pattern extraction.
  • Extracts structured values such as IP addresses, MAC addresses, email addresses, URLs, words, and numeric data from log entries.
  • Finds rare log lines using TF-IDF analysis.
  • Includes anomaly detection modes for suspicious logs, covering SQL injection, OS command injection, directory traversal, and other unusual patterns.
  • Offers heat map, time-difference, and delay analysis to highlight temporal patterns and latency issues in logs.
  • Supports relation analysis between extracted values and can output interactive graphs.
  • Can detect threats using SIGMA rules.
  • Includes email log analysis features such as searching headers, counting by fields, checking SPF status, and reviewing relay counts and delivery delays.
  • Supports AI-assisted log analysis using external LLM providers.
  • Lets you save results and charts in formats including CSV, PNG, and interactive HTML.
  • Cross-platform support – runs under Linux, macOS, and Windows.

Website: github.com/twsnmp/twsla
Support:
Developer: twsnmp
License: Apache License 2.0

TWSLA commands and flags

TWSLA is written in Go.


Related Software

Console Log File Analyzers
  • journalctl: Query and display messages from the journal
  • lnav: Curses-based tool for viewing and analyzing log files
  • Gonzo: Go based TUI for log analysis
  • angle-grinder: Slice and dice logs
  • MultiTail: Monitor logfiles and command output in multiple windows
  • Swatch: Simple Log Watcher is a useful tool to monitor just about any type of log
  • Chipmunk: Fast logfile viewer that can deal with huge logfiles (>10 GB)
