During DFIR investigations, especially in NGINX environments, we’re often handed a messy directory full of rotated and compressed log files — access.log, access.log-20250624, error.log-20250623.xz, and so on.
Sound familiar?
To streamline this chaos, I built a simple but powerful tool: the Log Combiner Tool.
This Python script:
🧩 Reads both plain .log and compressed .xz files
🔍 Automatically detects access, error, and ssl logs
📂 Combines them into clean, single log files per type
🧠 Keeps original folder structure in the output
⚡ Uses multithreading to chew through large directories fast
🧼 Outputs ready-to-index logs for Splunk or your tool of choice
Whether you’re triaging web logs or prepping for timeline analysis, this saves hours of manual cleanup.
Example input: a pile of messy .log and .xz files across subdirectories.
Example output: combined-access.log, combined-error.log, and combined-ssl.log in a neatly mirrored structure.
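A minimal sketch of the workflow described above, added here as an illustration and not the Log Combiner Tool's own code. It assumes file names begin with access.log, error.log or ssl.log and that rotated files carry a -YYYYMMDD suffix; all function names are hypothetical.

```python
import lzma, re, tempfile
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

KINDS = ("access", "error", "ssl")   # assumed name prefixes: access.log, error.log, ssl.log
DATE = re.compile(r"-(\d{8})")       # assumed rotation suffix, e.g. -20250624

def classify(name):
    """Return the log type a file name starts with, or None."""
    return next((k for k in KINDS if name.startswith(k + ".log")), None)

def rotation_key(path):
    """Dated rotations first (oldest to newest), the undated live file last."""
    m = DATE.search(path.name)
    return (m.group(1) if m else "99999999", path.name)

def merge(files, dest):
    """Concatenate plain and .xz files into dest, decompressing on the fly."""
    dest.parent.mkdir(parents=True, exist_ok=True)
    with open(dest, "wb") as out:
        for f in sorted(files, key=rotation_key):
            opener = lzma.open if f.suffix == ".xz" else open
            with opener(f, "rb") as src:
                for line in src:  # repair a missing final newline so files do not fuse
                    out.write(line if line.endswith(b"\n") else line + b"\n")
    return dest

def combine(src_root, out_root, workers=4):
    """Group logs by (relative folder, type) and merge each group in a thread."""
    src_root, out_root = Path(src_root), Path(out_root)
    groups = defaultdict(list)
    for p in src_root.rglob("*"):
        if p.is_file() and (kind := classify(p.name)):
            groups[(p.parent.relative_to(src_root), kind)].append(p)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = [pool.submit(merge, fs, out_root / d / f"combined-{k}.log")
                for (d, k), fs in groups.items()]
        return sorted(j.result() for j in jobs)

if __name__ == "__main__":           # constructed sample data, not real logs
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "in", "web01")
        src.mkdir(parents=True)
        (src / "access.log").write_text("GET /live\n")
        with lzma.open(src / "access.log-20250623.xz", "wt") as fh:
            fh.write("GET /old\n")
        for out in combine(Path(tmp, "in"), Path(tmp, "out")):
            print(out.relative_to(tmp), out.read_text().splitlines())
```

Work on a copy of the evidence and write the output outside the source tree, so the original files and their timestamps stay untouched.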
👉 Grab it on GitHub and drop it into your DFIR toolbox. You’ll thank yourself next time the logs come in compressed and chaotic.