Skip to main content
Glama

MCP Log Analyzer

by sedwardstx
GitHub
Python
MIT License
2
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

MCP Log Analyzer

A Model Context Protocol (MCP) server for analyzing different types of logs on Windows systems, built with the FastMCP framework.

Features

  • Multiple Log Format Support
    • Windows Event Logs (EVT/EVTX)
    • Windows Event Trace Logs (ETL)
    • Structured Logs (JSON, XML)
    • CSV Logs
    • Unstructured Text Logs
  • MCP Tools
    • register_log_source: Register new log sources
    • list_log_sources: View all registered sources
    • get_log_source: Get details about a specific source
    • delete_log_source: Remove a log source
    • query_logs: Query logs with filters and pagination
    • analyze_logs: Perform analysis (summary, pattern, anomaly)
  • MCP Resources
    • logs://sources: View registered log sources
    • logs://types: Learn about supported log types
    • logs://analysis-types: Understand analysis options
    • system://windows-event-logs: Recent Windows System and Application event logs
    • system://linux-logs: Linux systemd journal and application logs
    • system://process-list: Current processes with PID, CPU, and memory usage
    • system://netstat: Network connections and statistics for troubleshooting
  • MCP Prompts
    • Log analysis quickstart guide
    • Troubleshooting guide
    • Windows Event Log specific guide

Installation

# Clone the repository git clone https://github.com/your-username/mcp-log-analyzer.git cd mcp-log-analyzer # Install the package pip install -e . # For ETL file support (optional) pip install -e ".[etl]" # For development dependencies pip install -e ".[dev]"

Windows Setup

On Windows, the package includes Windows Event Log support via pywin32. If you encounter import errors:

# Ensure Windows dependencies are installed pip install pywin32>=300 # Test the setup python test_windows_setup.py # If successful, start the server python main.py

Note: On first install of pywin32, you may need to run the post-install script:

python Scripts/pywin32_postinstall.py -install

Usage

Understanding MCP Servers

MCP (Model Context Protocol) servers don't have traditional web endpoints. They communicate via stdin/stdout with MCP clients (like Claude Code). When you run python main.py, the server starts silently and waits for MCP protocol messages.

Testing the Server

# Test that the server is working python check_server.py # See usage instructions python check_server.py --usage

Starting the MCP Server

# Run directly python main.py # Or use Claude Code's MCP integration claude mcp add mcp-log-analyzer python main.py

Using with Claude Code

  1. Add the server to Claude Code:
    claude mcp add mcp-log-analyzer python /path/to/main.py
  2. Use the tools in Claude Code:
    • Register a log source: Use the register_log_source tool
    • Query logs: Use the query_logs tool
    • Analyze logs: Use the analyze_logs tool
  3. Access resources:
    • Reference resources using @mcp-log-analyzer:logs://sources
    • Get help with prompts like /mcp__mcp-log-analyzer__log_analysis_quickstart

System Monitoring Resources

These resources provide real-time system information without needing to register log sources:

  1. Check System Processes:
    • Access via @mcp-log-analyzer:system://process-list
    • Shows top processes by CPU usage with memory information
  2. Windows Event Logs (Windows only):
    • Default: @mcp-log-analyzer:system://windows-event-logs (last 10 entries)
    • By count: @mcp-log-analyzer:system://windows-event-logs/last/50 (last 50 entries)
    • By time: @mcp-log-analyzer:system://windows-event-logs/time/30m (last 30 minutes)
    • By range: @mcp-log-analyzer:system://windows-event-logs/range/2025-01-07 13:00/2025-01-07 14:00
    • Shows System and Application event log entries
  3. Linux System Logs (Linux only):
    • Default: @mcp-log-analyzer:system://linux-logs (last 50 lines)
    • By count: @mcp-log-analyzer:system://linux-logs/last/100 (last 100 lines)
    • By time: @mcp-log-analyzer:system://linux-logs/time/1h (last hour)
    • By range: @mcp-log-analyzer:system://linux-logs/range/2025-01-07 13:00/2025-01-07 14:00
    • Shows systemd journal, syslog, and common application logs
  4. Network Monitoring (Cross-platform):
    • Default: @mcp-log-analyzer:system://netstat (listening ports)
    • Listening ports: @mcp-log-analyzer:system://netstat/listening
    • Established connections: @mcp-log-analyzer:system://netstat/established
    • All connections: @mcp-log-analyzer:system://netstat/all
    • Network statistics: @mcp-log-analyzer:system://netstat/stats
    • Routing table: @mcp-log-analyzer:system://netstat/routing
    • Port-specific: @mcp-log-analyzer:system://netstat/port/80
    • Uses netstat on Windows, ss (preferred) or netstat on Linux

Time Format Examples:

  • Relative time: 30m (30 minutes), 2h (2 hours), 1d (1 day)
  • Absolute time: 2025-01-07 13:00, 2025-01-07 13:30:15, 07/01/2025 13:00

Example Workflow

  1. Register a Windows System Log:
    Use register_log_source tool with: - name: "system-logs" - source_type: "evt" - path: "System"
  2. Query Recent Errors:
    Use query_logs tool with: - source_name: "system-logs" - filters: {"level": "Error"} - limit: 10
  3. Analyze Patterns:
    Use analyze_logs tool with: - source_name: "system-logs" - analysis_type: "pattern"
  4. Register an ETL File:
    Use register_log_source tool with: - name: "network-trace" - source_type: "etl" - path: "C:\\Traces\\network.etl"

Development

# Run tests pytest # Code formatting black . isort . # Type checking mypy src # Run all quality checks black . && isort . && mypy src && flake8

Project Structure

  • src/mcp_log_analyzer/: Main package
    • mcp_server/: MCP server implementation using FastMCP
    • core/: Core functionality and models
    • parsers/: Log parsers for different formats
  • main.py: Server entry point
  • .mcp.json: MCP configuration
  • tests/: Test files

Requirements

  • Python 3.12+
  • Windows OS (for Event Log support)
  • See pyproject.toml for full dependencies

License

MIT

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

A Model Context Protocol server that analyzes various log types on Windows systems, allowing users to register, query, and analyze logs from different sources including Windows Event Logs, ETL files, and structured/unstructured text logs.

  1. Features
    1. Installation
      1. Windows Setup
    2. Usage
      1. Understanding MCP Servers
      2. Testing the Server
      3. Starting the MCP Server
      4. Using with Claude Code
    3. System Monitoring Resources
      1. Time Format Examples:
    4. Example Workflow
      1. Development
        1. Project Structure
          1. Requirements
            1. License

              Related MCP Servers

              • MCP Word Counter

                qpd-v
                A
                security
                A
                license
                A
                quality
                A Model Context Protocol server that provides tools for analyzing text documents, including counting words and characters. This server helps LLMs perform text analysis tasks by exposing simple document statistics functionality.
                Last updated -
                1
                441
                10
                JavaScript
                Apache 2.0

              • Filesystem MCP Server

                bsmi021
                -
                security
                A
                license
                -
                quality
                A Model Context Protocol server that provides file system operations, analysis, and manipulation capabilities through a standardized tool interface.
                Last updated -
                4
                TypeScript
                MIT License

              • stdout-mcp-server

                amitdeshmukh
                A
                security
                F
                license
                A
                quality
                A Model Context Protocol server that captures and manages stdout logs through named pipes, making application output available for querying and debugging in AI tools like Cursor IDE.
                Last updated -
                1
                428
                4
                TypeScript
                • Linux
                • Apple

              • IT Tools MCP Server

                wrenchpilot
                A
                security
                A
                license
                A
                quality
                A comprehensive Model Context Protocol server providing access to 70+ IT tools for developers and system administrators, including encoding/decoding, text manipulation, hashing, and network utilities.
                Last updated -
                76
                400
                6
                TypeScript
                MIT License
                • Linux

              View all related MCP servers

              New MCP Servers

              MCP directory API

              We provide all the information about MCP servers via our MCP API.

              curl -X GET 'https://glama.ai/api/mcp/v1/servers/sedwardstx/demomcp'

              If you have feedback or need assistance with the MCP directory API, please join our Discord server