MCP Servers

MCP Log Analyzer

A Model Context Protocol server that analyzes various log types on Windows systems, allowing users to register, query, and analyze logs from different sources including Windows Event Logs, ETL files, and structured/unstructured text logs.

README

MCP Log Analyzer

A Model Context Protocol (MCP) server for analyzing different types of logs on Windows systems, built with the FastMCP framework.

Features

Multiple Log Format Support
- Windows Event Logs (EVT/EVTX)
- Windows Event Trace Logs (ETL)
- Structured Logs (JSON, XML)
- CSV Logs
- Unstructured Text Logs
MCP Tools
- register_log_source: Register new log sources
- list_log_sources: View all registered sources
- get_log_source: Get details about a specific source
- delete_log_source: Remove a log source
- query_logs: Query logs with filters and pagination
- analyze_logs: Perform analysis (summary, pattern, anomaly)
MCP Resources
- logs://sources: View registered log sources
- logs://types: Learn about supported log types
- logs://analysis-types: Understand analysis options
- system://windows-event-logs: Recent Windows System and Application event logs
- system://linux-logs: Linux systemd journal and application logs
- system://process-list: Current processes with PID, CPU, and memory usage
- system://netstat: Network connections and statistics for troubleshooting
MCP Prompts
- Log analysis quickstart guide
- Troubleshooting guide
- Windows Event Log specific guide

Installation

# Clone the repository
git clone https://github.com/your-username/mcp-log-analyzer.git
cd mcp-log-analyzer

# Install the package
pip install -e .

# For ETL file support (optional)
pip install -e ".[etl]"

# For development dependencies
pip install -e ".[dev]"

Windows Setup

On Windows, the package includes Windows Event Log support via pywin32. If you encounter import errors:

# Ensure Windows dependencies are installed
pip install pywin32>=300

# Test the setup
python test_windows_setup.py

# If successful, start the server
python main.py

Note: On first install of pywin32, you may need to run the post-install script:

python Scripts/pywin32_postinstall.py -install

Usage

Understanding MCP Servers

MCP (Model Context Protocol) servers don't have traditional web endpoints. They communicate via stdin/stdout with MCP clients (like Claude Code). When you run python main.py, the server starts silently and waits for MCP protocol messages.

Testing the Server

# Test that the server is working
python check_server.py

# See usage instructions
python check_server.py --usage

Starting the MCP Server

# Run directly
python main.py

# Or use Claude Code's MCP integration
claude mcp add mcp-log-analyzer python main.py

Using with Claude Code

Add the server to Claude Code:

claude mcp add mcp-log-analyzer python /path/to/main.py

Use the tools in Claude Code:
- Register a log source: Use the register_log_source tool
- Query logs: Use the query_logs tool
- Analyze logs: Use the analyze_logs tool
Access resources:
- Reference resources using @mcp-log-analyzer:logs://sources
- Get help with prompts like /mcp__mcp-log-analyzer__log_analysis_quickstart

System Monitoring Resources

These resources provide real-time system information without needing to register log sources:

Check System Processes:
- Access via @mcp-log-analyzer:system://process-list
- Shows top processes by CPU usage with memory information
Windows Event Logs (Windows only):
- Default: @mcp-log-analyzer:system://windows-event-logs (last 10 entries)
- By count: @mcp-log-analyzer:system://windows-event-logs/last/50 (last 50 entries)
- By time: @mcp-log-analyzer:system://windows-event-logs/time/30m (last 30 minutes)
- By range: @mcp-log-analyzer:system://windows-event-logs/range/2025-01-07 13:00/2025-01-07 14:00
- Shows System and Application event log entries
Linux System Logs (Linux only):
- Default: @mcp-log-analyzer:system://linux-logs (last 50 lines)
- By count: @mcp-log-analyzer:system://linux-logs/last/100 (last 100 lines)
- By time: @mcp-log-analyzer:system://linux-logs/time/1h (last hour)
- By range: @mcp-log-analyzer:system://linux-logs/range/2025-01-07 13:00/2025-01-07 14:00
- Shows systemd journal, syslog, and common application logs
Network Monitoring (Cross-platform):
- Default: @mcp-log-analyzer:system://netstat (listening ports)
- Listening ports: @mcp-log-analyzer:system://netstat/listening
- Established connections: @mcp-log-analyzer:system://netstat/established
- All connections: @mcp-log-analyzer:system://netstat/all
- Network statistics: @mcp-log-analyzer:system://netstat/stats
- Routing table: @mcp-log-analyzer:system://netstat/routing
- Port-specific: @mcp-log-analyzer:system://netstat/port/80
- Uses netstat on Windows, ss (preferred) or netstat on Linux

Time Format Examples:

Relative time: 30m (30 minutes), 2h (2 hours), 1d (1 day)
Absolute time: 2025-01-07 13:00, 2025-01-07 13:30:15, 07/01/2025 13:00

Example Workflow

Register a Windows System Log:

Use register_log_source tool with:
- name: "system-logs"
- source_type: "evt"
- path: "System"

Query Recent Errors:

Use query_logs tool with:
- source_name: "system-logs"
- filters: {"level": "Error"}
- limit: 10

Analyze Patterns:

Use analyze_logs tool with:
- source_name: "system-logs"
- analysis_type: "pattern"

Register an ETL File:

Use register_log_source tool with:
- name: "network-trace"
- source_type: "etl"
- path: "C:\\Traces\\network.etl"

Development

# Run tests
pytest

# Code formatting
black .
isort .

# Type checking
mypy src

# Run all quality checks
black . && isort . && mypy src && flake8

Project Structure

src/mcp_log_analyzer/: Main package
- mcp_server/: MCP server implementation using FastMCP
- core/: Core functionality and models
- parsers/: Log parsers for different formats
main.py: Server entry point
.mcp.json: MCP configuration
tests/: Test files

Requirements

Python 3.12+
Windows OS (for Event Log support)
See pyproject.toml for full dependencies

License

MIT

Recommended Servers

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official

Featured

TypeScript

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official

Featured

Local

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official

Featured

Python

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official

Featured

TypeScript

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official

Featured

E2B

Using MCP to run code via e2b.

Official

Featured

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official

Featured

Neon Database

MCP server for interacting with Neon Management API and databases

Official

Featured