explaingit

expanso-io/log-simulators

Analysis updated 2026-05-18

4 stars · Python · Audience: ops devops · Complexity: 2/5 · Setup: easy

TLDR

A collection of 13 Python log generators producing realistic web, IoT, firewall, Windows, Kubernetes, and cloud logs for testing SIEM and data pipelines, with no install needed.

Mindmap

mindmap
  root((log-simulators))
    Log types
      Web server
      IoT sensors
      Windows events
      Firewall Kubernetes
    Features
      Scenario injection
      Seeded determinism
      Backfill mode
      Rate control
    Output
      Stdout or file
      TCP UDP collector
    Uses
      SIEM testing
      Pipeline testing
      Load testing

What do people build with it?

USE CASE 1

Generate a 24-hour backfill of realistic Apache access logs to test a log ingestion pipeline.

USE CASE 2

Inject a simulated brute-force attack into Windows Security Event logs to test SIEM detection rules.

USE CASE 3

Produce seeded, reproducible Kubernetes crash-loop logs as a repeatable test fixture.

USE CASE 4

Stream Cisco ASA firewall logs at 100 events per second to a UDP collector for load testing.

What is it built with?

Python, uv/uvx

How does it compare?

| | expanso-io/log-simulators | adeliox/klein-head-swap | ats4321/ragit |
|---|---|---|---|
| Stars | 4 | 4 | 4 |
| Language | Python | Python | Python |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 2/5 | 3/5 | 2/5 |
| Audience | ops devops | designer | developer |

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires uv (a Python tool runner); no clone, Docker, or install is needed.

Use freely for any purpose, including commercial use, with attribution and license notice kept.

In plain English

Log Simulators is a collection of 13 Python tools that generate realistic log files for testing data processing pipelines. Each tool produces a different type of log: web server access logs, IoT sensor readings, Windows security events, Cisco firewall logs, Kubernetes pod logs, PostgreSQL slow query logs, and several more. The goal is to give engineers realistic traffic to test against when building or debugging a SIEM (security information and event management system) or an observability pipeline, without needing a real production environment running.

The output is more realistic than simple random data because it uses consistent entities across events. The same host names, user accounts, and IP addresses recur across log lines in a believable pattern. A firewall log will show a connection being built and later torn down with matching IDs. Traffic volumes follow realistic distributions rather than being evenly spaced.

Each simulator can inject scenario windows into an otherwise boring baseline stream. For example, the web server simulator can inject recurring bursts of 5xx errors, the Windows event simulator can inject a password-spray attack, and the Kubernetes simulator can inject a crash-looping pod. This lets you test whether your pipeline correctly detects anomalies without having to wait for them to happen naturally.

A consistent set of command-line flags applies to all 13 tools. You can set an output rate in events per second, generate a fixed number of events and stop, backfill a period of historical events at full speed, or stream continuously. A seed flag makes the output byte-identical across runs, which is useful for writing repeatable tests.

Running any of the tools requires no installation. A single command using uvx (a Python tool runner) fetches and runs the tool directly from the repository. Each simulator can write to standard output, a file, or a UDP or TCP network collector.

The project is Apache 2.0 licensed, meaning you can use it freely in commercial projects.
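
The seeded-determinism and scenario-injection ideas described above, as an added example that is not code from log-simulators: a small generator injects a password-spray window into a baseline logon stream, and a detection function is run over the result. The line format, account names, addresses and thresholds are constructed for illustration; only Event IDs 4624 and 4625 (logon success and failure) are real Windows values.

```python
import random
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed entities that recur across events (not the project's real names).
USERS = [f"user{i:02d}" for i in range(20)]
HOSTS = [f"10.0.0.{i}" for i in range(10, 20)]
SPRAY_SRC = "203.0.113.50"  # constructed address from a documentation range
START = datetime(2026, 1, 1, tzinfo=timezone.utc)

def generate(seed, count=600, spray_at=300):
    """Baseline logon stream with one injected password-spray window."""
    rng = random.Random(seed)  # private RNG: same seed gives identical output
    t, lines = START, []
    for i in range(count):
        t += timedelta(seconds=rng.expovariate(1.0))  # uneven spacing, mean 1s
        if spray_at <= i < spray_at + len(USERS):
            # Scenario window: one source, one failed logon per account.
            src, user, event_id = SPRAY_SRC, USERS[i - spray_at], 4625
        else:
            src, user = rng.choice(HOSTS), rng.choice(USERS)
            event_id = 4625 if rng.random() < 0.05 else 4624
        lines.append(f"{t.isoformat()} EventID={event_id} user={user} src={src}")
    return lines

def detect_spray(lines, window=timedelta(minutes=5), min_users=15):
    """Flag sources that fail logon for many distinct accounts within one window."""
    fails = defaultdict(list)
    for line in lines:
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        if kv["EventID"] == "4625":
            fails[kv["src"]].append((datetime.fromisoformat(ts), kv["user"]))
    flagged = set()
    for src, events in fails.items():  # events are already in time order
        for i, (t0, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - t0 <= window}
            if len(users) >= min_users:
                flagged.add(src)
                break
    return flagged
```

Because the fixture is seeded, a detection rule that stops firing after a change points at the rule or the pipeline, not at the test data.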

Copy-paste prompts

Prompt 1
I'm testing a SIEM pipeline. Use logsim-windows to generate 10,000 Windows Security Events with the brute-force scenario and send them to a UDP collector at localhost:5514.
Prompt 2
Show me how to backfill 24 hours of logsim-iot sensor data to a file and then switch to live streaming.
Prompt 3
I need a reproducible test fixture of 1,000 Cisco ASA firewall events. Give me the exact logsim-asa command with --seed and --start-time.
Prompt 4
Generate logsim-app JSON logs with embedded PII for a redaction pipeline demo, then list what PII fields appear in the output.
Prompt 5
How do I run log-simulators without cloning the repo and what is the only requirement to use uvx?

Frequently asked questions

What is log-simulators?

A collection of 13 Python log generators producing realistic web, IoT, firewall, Windows, Kubernetes, and cloud logs for testing SIEM and data pipelines, with no install needed.

What language is log-simulators written in?

Mainly Python. The stack also includes uv/uvx.

What license does log-simulators use?

Use freely for any purpose, including commercial use, with attribution and license notice kept.

How hard is log-simulators to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is log-simulators for?

Mainly ops devops.


Verify against the repo before relying on details.