Flit Watch is a local syslog receiver and SIEM for developers, security engineers, and students. Ingest, parse, correlate, and inspect every log event in real time — running entirely on your own machine, with nothing sent to the cloud.
Accept syslog events over UDP, TCP, and TLS on standard ports. Parse every industry-standard format automatically — RFC 3164, RFC 5424, CEF 1.0, and raw text — with zero configuration.
Define regex-based correlation rules that fire when patterns exceed a count threshold within a time window. Six built-in rules cover brute force, port scans, privilege escalation, and more — or write your own.
Don't wait for real attacks to test your detection rules. The injector lets you fire pre-built attack scenarios — SSH brute force, port scans, lateral movement — directly into the event stream, so you can validate every rule before it matters.
A single static binary — no runtime, no dependencies, no config. Download for your platform and run.
--udp-port 5514 --http-port 5515 to avoid root on Linux.No cloud. No account. No config files. One binary, one command — and every log event your systems emit is right in front of you.
Open source · MIT license · ~10 MB · Linux · macOS · Windows