log·anomaly scanner
unsupervised · autoencoder

Detect what doesn't look normal

Scan an access log for anomalous requests.

Drop an nginx or Apache combined-format access log. The model learned what normal traffic looks like and flags requests that deviate — injection, traversal, scanners — and tells you which signals gave them away.

Drop an access log here
or click to choose a file

No log handy? Scan a sample  ·  Download a sample log to try uploading

Where do I find my access logs?
  • nginx/var/log/nginx/access.log
  • Apache/var/log/apache2/access.log (Debian/Ubuntu) or /var/log/httpd/access_log (RHEL/CentOS)
  • Format must be combined: IP - - [time] "METHOD path HTTP/1.1" status bytes "referer" "user-agent"
  • Nothing is stored — the file is scored in memory and discarded.