FortiLogForge: Fortinet Log Analyzer

[+] Status: Complete [+] Origin: Portfolio Project [+] Date: 2025.01
>> TECH_STACK:
[React][FastAPI][Python][TypeScript][Docker][Tailwind CSS][Pandas]

FortiLogForge is a log analysis tool purpose-built for Fortinet firewall logs. It parses, normalizes, and analyzes traffic, event, and UTM logs from FortiGate devices, providing interactive visualizations and automated pattern detection. The tool handles multiple Fortinet log formats and normalizes field schemas across FortiOS versions.

The analysis engine uses Pandas for statistical processing, detecting anomalous patterns like periodic beaconing, slow port scans, and unusual destination diversity. An interactive timeline view plots events chronologically, enabling rapid incident reconstruction. The entire application deploys via Docker Compose for consistent environments.

Open Source

This project is open source and available on GitHub.

Full-stack log analysis platform with Python data processing:

React + TypeScript
Frontend Framework

Interactive log viewer with filterable tables, timeline visualizations, and drill-down detail panels for individual log entries

FastAPI + Python
Backend API

Async log parsing engine with Pandas for statistical analysis, pattern detection, and aggregation of Fortinet log formats

Docker
Deployment

Containerized deployment with Docker Compose for consistent environments across development and production

Tailwind CSS
Styling

Dark-first interface matching security tooling conventions with responsive data tables and chart layouts

Log Parsing Multi-Format Fortinet Log Parser
Problem: Fortinet devices produce logs in several formats (syslog, CSV, binary) with varying field schemas across FortiOS versions
Solution: Built a flexible parser that auto-detects log format, normalizes fields across FortiOS versions, and extracts structured data from traffic, event, and UTM log types. Handles both real-time syslog streams and uploaded log files
Result: Single tool handles all Fortinet log formats without manual format selection
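The following is an added illustration of the auto-detect-then-normalize approach described above; it is example code written for this page, not FortiLogForge's own parser. It assumes two input shapes: FortiGate key=value lines (syslog, with or without a `<PRI>` prefix, space- or comma-separated) and a header-row CSV export. The alias table mapping older field names (`src`, `dst`, `src_port`, `status`, ...) to current ones, and the eventtime seconds-versus-nanoseconds rule, are assumptions chosen to show the cross-version normalization problem. The sample lines are constructed, with placeholder serial numbers.

```python
import csv
import io
import re
from datetime import datetime, timezone

# Older-release field names -> current names. Illustrative alias table, not
# the project's own; extend it from real logs before relying on it.
ALIASES = {
    "src": "srcip", "dst": "dstip",
    "src_port": "srcport", "dst_port": "dstport",
    "src_int": "srcintf", "dst_int": "dstintf",
    "status": "action", "log_id": "logid",
    "device_id": "devid", "pri": "level",
}
INT_FIELDS = {"srcport", "dstport", "proto", "policyid",
              "sessionid", "sentbyte", "rcvdbyte"}

# key=value tokens; a quoted value may contain spaces and commas, an
# unquoted one stops at whitespace or a comma (covers comma-separated kv)
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s,]*)')
PRI_RE = re.compile(r"^<\d{1,3}>")          # optional syslog priority
KV_START_RE = re.compile(r"^(<\d{1,3}>)?\s*\w+=")


def detect_format(text: str) -> str:
    """'kv' if the first line starts with a key=value token, else 'csv'
    (header-row export). Compressed/binary input is not handled here."""
    first = text.lstrip().splitlines()[0]
    return "kv" if KV_START_RE.match(first) else "csv"


def parse_kv_line(line: str) -> dict:
    """Tokenize one FortiGate key=value line into a raw dict."""
    line = PRI_RE.sub("", line.strip())
    rec = {}
    for key, val in KV_RE.findall(line):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1].replace('\\"', '"')
        rec[key] = val
    return rec


def parse_csv(text: str) -> list:
    """Header-row CSV export; the csv module handles quoted commas."""
    return [dict(row) for row in csv.DictReader(io.StringIO(text))]


def normalize(rec: dict) -> dict:
    """Rename aliased fields, coerce ints, derive a single 'timestamp'."""
    out = {}
    for key, val in rec.items():
        key = ALIASES.get(key, key)
        if key in INT_FIELDS and val.isdigit():
            val = int(val)
        out[key] = val
    et = out.get("eventtime")
    if isinstance(et, str) and et.isdigit():
        et = int(et)
        if et >= 10**15:            # assumed: nanoseconds in newer releases
            et //= 10**9
        out["timestamp"] = datetime.fromtimestamp(et, tz=timezone.utc).isoformat()
    elif "date" in out and "time" in out:
        out["timestamp"] = f"{out['date']}T{out['time']}"
    return out


def parse_logs(text: str) -> list:
    """Auto-detect the format and return normalized records."""
    if detect_format(text) == "csv":
        rows = parse_csv(text)
    else:
        rows = [parse_kv_line(l) for l in text.splitlines() if l.strip()]
    return [normalize(r) for r in rows]


# Constructed samples: a current-style syslog line and an older-style line
# for the same connection, then a header-row CSV export.
SAMPLE_KV = """\
<189>date=2025-01-14 time=10:22:31 devname="FGT60F" devid="FGT60FTK00000000" eventtime=1736850151123456789 tz="+0000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.1.1.20 srcport=51234 srcintf="port1" dstip=203.0.113.10 dstport=443 dstintf="wan1" sessionid=123456 proto=6 action="accept" policyid=7 service="HTTPS" sentbyte=1234 rcvdbyte=5678 msg="Traffic allowed by policy"
date=2025-01-14 time=10:22:32 devname=FGT60 device_id=FGT60XXXXXXXXXXX log_id=0021000002 type=traffic subtype=forward pri=notice vd=root src=10.1.1.20 src_port=51235 src_int="internal" dst=203.0.113.10 dst_port=443 dst_int="wan1" status=accept policyid=7 service=HTTPS
"""
SAMPLE_CSV = """\
date,time,srcip,srcport,dstip,dstport,action,msg
2025-01-14,10:22:33,10.1.1.21,40000,198.51.100.5,22,deny,"Denied by policy, no match"
"""

if __name__ == "__main__":
    for rec in parse_logs(SAMPLE_KV) + parse_logs(SAMPLE_CSV):
        print(rec["timestamp"], rec["srcip"], "->", rec["dstip"], rec["dstport"], rec["action"])
```

Both key=value lines come out with the same `srcip`/`dstip`/`action` keys, so downstream analysis never has to branch on FortiOS version. The format check looks only at the first line; a mixed upload (CSV header followed by syslog lines) would be misclassified, which is the kind of input the upload path should reject or split before parsing.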
Analysis Traffic Pattern Detection
Problem: Manual log review misses subtle patterns in large datasets, like slow port scans or periodic beaconing
Solution: Implemented statistical analysis with Pandas for detecting anomalous traffic patterns: connection frequency analysis, destination diversity scoring, time-series periodicity detection, and geo-IP enrichment for source/destination mapping
Result: Automated detection surfaces patterns that would take hours to find through manual review
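As an added example of the three detections named above (periodicity for beaconing, distinct destination ports for slow scans, destination diversity per source), here is a standard-library implementation written for this page. It is not the project's Pandas code: each `defaultdict` grouping below corresponds to a `groupby` in Pandas, and the thresholds (eight events and a coefficient of variation of inter-arrival times at or below 0.2 for a beacon, fifteen distinct ports for a scan) are assumptions for illustration. The flow records are constructed.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # epoch seconds (the normalized 'timestamp' of a traffic log)
    srcip: str
    dstip: str
    dstport: int


def detect_beacons(flows, min_events=8, max_cv=0.2):
    """Flag (src, dst, port) tuples whose inter-arrival gaps are nearly
    constant: low coefficient of variation (stdev/mean) of the gaps."""
    by_tuple = defaultdict(list)
    for f in flows:
        by_tuple[(f.srcip, f.dstip, f.dstport)].append(f.ts)
    hits = []
    for (src, dst, port), times in by_tuple.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dstport": port, "events": len(times),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


def detect_port_scans(flows, min_ports=15):
    """Count distinct destination ports per (src, dst) over the whole
    dataset, so a scan spread over hours is not hidden by a per-minute rate."""
    by_pair = defaultdict(lambda: {"ports": set(), "first": float("inf"), "last": 0.0})
    for f in flows:
        d = by_pair[(f.srcip, f.dstip)]
        d["ports"].add(f.dstport)
        d["first"] = min(d["first"], f.ts)
        d["last"] = max(d["last"], f.ts)
    hits = []
    for (src, dst), d in by_pair.items():
        if len(d["ports"]) >= min_ports:
            span_min = (d["last"] - d["first"]) / 60
            hits.append({"src": src, "dst": dst, "ports": len(d["ports"]),
                         "span_min": round(span_min, 1),
                         "ports_per_min": round(len(d["ports"]) / max(span_min, 1.0), 2)})
    return hits


def destination_diversity(flows, min_events=5):
    """Distinct destinations divided by events, per source. Near 1.0 means
    every connection went somewhere new; near 0 means one fixed peer."""
    by_src = defaultdict(lambda: {"n": 0, "dsts": set()})
    for f in flows:
        by_src[f.srcip]["n"] += 1
        by_src[f.srcip]["dsts"].add(f.dstip)
    return {src: round(len(d["dsts"]) / d["n"], 2)
            for src, d in by_src.items() if d["n"] >= min_events}


def analyze(flows):
    return {"beacons": detect_beacons(flows),
            "port_scans": detect_port_scans(flows),
            "destination_diversity": destination_diversity(flows)}


# Constructed traffic: a beacon with +/-2 s jitter on a 60 s period, a scan
# touching one new port every six minutes, and ordinary irregular browsing.
BASE = 1736850000.0
SAMPLE_FLOWS = (
    [Flow(BASE + 60 * i + (2 if i % 2 else -2), "10.1.1.50", "203.0.113.77", 443)
     for i in range(12)]
    + [Flow(BASE + 360 * i, "10.1.1.60", "192.0.2.9", 1000 + i) for i in range(20)]
    + [Flow(BASE + t, "10.1.1.70", f"198.51.100.{i + 1}", 443)
       for i, t in enumerate([5, 70, 90, 400, 410, 900, 1500, 1510, 2400, 3000])]
)

if __name__ == "__main__":
    for name, result in analyze(SAMPLE_FLOWS).items():
        print(name, result)
```

The beacon detector keys on the exact (src, dst, port) tuple, so a real agent that rotates destinations needs the grouping relaxed to src only, and legitimate periodic traffic (NTP, update checks, monitoring probes) will score just as low a coefficient of variation; treat hits as triage candidates to confirm against the destination and service fields, not as verdicts.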
Visualization Interactive Timeline View
Problem: Flat log tables make it difficult to understand the temporal relationship between events
Solution: Built a zoomable timeline that plots log events chronologically with severity-coded markers. Users can brush-select time ranges to filter the detail table, overlay multiple log types on the same timeline, and export selected time windows
Result: Temporal visualization enables rapid incident timeline reconstruction
Log Analysis
  • Fortinet log formats
  • Syslog parsing
  • Field normalization
  • Format auto-detection
Data Processing
  • Pandas aggregation
  • Statistical analysis
  • Pattern detection
  • Time-series analysis
Full-Stack
  • React + FastAPI
  • File upload handling
  • Streaming responses
  • Docker deployment
Security Tooling
  • Traffic analysis
  • Geo-IP enrichment
  • Beaconing detection
  • Timeline reconstruction
Complete
  • Multi-format Fortinet log parsing
  • Cross-version field normalization
  • Statistical pattern detection with Pandas
  • Interactive zoomable timeline view
  • Geo-IP enrichment for source/destination
  • Docker Compose deployment