Analysis updated 2026-05-18
Generate a 24-hour backfill of realistic Apache access logs to test a log ingestion pipeline.
Inject a simulated brute-force attack into Windows Security Event logs to test SIEM detection rules.
Produce seeded, reproducible Kubernetes crash-loop logs as a repeatable test fixture.
Stream Cisco ASA firewall logs at 100 events per second to a UDP collector for load testing.
| | expanso-io/log-simulators | adeliox/klein-head-swap | ats4321/ragit |
|---|---|---|---|
| Stars | 4 | 4 | 4 |
| Language | Python | Python | Python |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 2/5 | 3/5 | 2/5 |
| Audience | ops devops | designer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires uv (a Python tool runner); no clone, Docker, or install needed.

Log Simulators is a collection of 13 Python tools that generate realistic log files for testing data processing pipelines. Each tool produces a different type of log: web server access logs, IoT sensor readings, Windows security events, Cisco firewall logs, Kubernetes pod logs, PostgreSQL slow query logs, and several more. The goal is to give engineers realistic traffic to test against when building or debugging a SIEM (security information and event management system) or an observability pipeline, without needing a real production environment running.

The output is more realistic than simple random data because it uses consistent entities across events. The same host names, user accounts, and IP addresses recur across log lines in a believable pattern. A firewall log will show a connection being built and later torn down with matching IDs. Traffic volumes follow realistic distributions rather than being evenly spaced.

Each simulator can inject scenario windows into an otherwise boring baseline stream. For example, the web server simulator can inject recurring bursts of 5xx errors, the Windows event simulator can inject a password-spray attack, and the Kubernetes simulator can inject a crash-looping pod. This lets you test whether your pipeline correctly detects anomalies without having to wait for them to happen naturally.

A consistent set of command-line flags applies to all 13 tools. You can set an output rate in events per second, generate a fixed number of events and stop, backfill a period of historical events at full speed, or stream continuously. A seed flag makes the output byte-identical across runs, which is useful for writing repeatable tests.

Running any of the tools requires no installation. A single command using uvx (a Python tool runner) fetches and runs the tool directly from the repository. Each simulator can write to standard output, a file, or a UDP or TCP network collector.
The project is Apache 2.0 licensed, meaning you can use it freely in commercial projects.
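
The seeded-stream and scenario-injection ideas described above, as an added example that is not code from expanso-io/log-simulators: a seeded generator emits a constructed Windows-style logon stream with an injected password-spray window, and a detection rule is checked against it. The line format, account names, addresses, thresholds and function names are assumptions made for illustration.

```python
import random
from collections import defaultdict

# All entities below are constructed sample values, not output of the real tool.
USERS = [f"user{i:02d}" for i in range(20)]
HOSTS = [f"10.0.0.{i}" for i in range(10, 20)]
SPRAY_SRC = "203.0.113.77"  # documentation range (TEST-NET-3)

def generate(seed, n=600, spray_at=(300, 330)):
    """One event per second; a spray scenario is injected for t in spray_at."""
    rng = random.Random(seed)  # private RNG: same seed gives the same stream
    # Consistent entities: each account always logs on from the same host.
    home = {u: rng.choice(HOSTS) for u in USERS}
    lines = []
    for t in range(n):
        user = rng.choice(USERS)
        # Baseline: mostly successful logons (4624), rare failures (4625).
        event_id = 4625 if rng.random() < 0.03 else 4624
        lines.append(f"{t} EventID={event_id} user={user} src={home[user]}")
        if spray_at[0] <= t < spray_at[1]:
            # Scenario window: one source fails against a different account each second.
            target = USERS[t % len(USERS)]
            lines.append(f"{t} EventID=4625 user={target} src={SPRAY_SRC}")
    return "\n".join(lines)

def detect_spray(log, window=60, min_users=10):
    """Return sources with failed logons against >= min_users accounts in one window."""
    seen = defaultdict(set)  # (source, window bucket) -> distinct target accounts
    for line in log.splitlines():
        ts, event, user, src = line.split()
        if event == "EventID=4625":
            key = (src.split("=", 1)[1], int(ts) // window)
            seen[key].add(user.split("=", 1)[1])
    return sorted({s for (s, _), users in seen.items() if len(users) >= min_users})

if __name__ == "__main__":
    fixture = generate(seed=42)
    print("reproducible:", fixture == generate(seed=42))
    print("flagged sources:", detect_spray(fixture))
```

Because the fixture is identical for a given seed, a failing detection test points at a rule change, not at different input data.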
A collection of 13 Python log generators producing realistic web, IoT, firewall, Windows, Kubernetes, and cloud logs for testing SIEM and data pipelines, with no install needed.
Mainly Python. The stack also includes uv/uvx.
Use freely for any purpose, including commercial use, with attribution and license notice kept.
Setup difficulty is rated easy, with roughly 5 min to a first successful run.
Mainly ops devops.
Verify against the repo before relying on details.