Mandiant Highlighter – Log and Text File Viewer Review

Product Review – Mandiant Highlighter

Today we are looking at Mandiant Highlighter, a log and text file viewer.

Product home page can be found here

Cost: Free!


MANDIANT Highlighter is a log file analysis tool. Highlighter provides a graphical component to log
analysis that helps the analyst identify patterns. Highlighter also provides a number of features aimed
at providing the analyst with mechanisms to weed through irrelevant data and pinpoint relevant data.


MANDIANT Highlighter can:
• Display an overview of a text file in a graphical representation.
• Highlight strings in corresponding locations within the graphical representation.
• Remove lines from being displayed based upon content within the line.
• Generate a time-based histogram of activity when date/time stamps are available.
• Save the “state” of highlight and removal selections.

What is it used for?

If you are manually reviewing a text or log file, this tool helps filter out the noise and recognize patterns.

Let’s take it for a spin!

Slicing up an Apache error.log file

  1. Remove lines that are informational
  2. Highlight known malicious requests (ex: \htdocs\admin)
  3. Enable “Cumulative” feature to highlight multiple items!

Removing lines from the log file

Highlighting a Malicious IP Address


How to highlight multiple items
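
The same three steps (remove informational lines, highlight known-bad strings, apply highlights cumulatively) plus the time-based histogram can be reproduced in a script. This is an added example, not part of the original review and not Mandiant's code; the sample lines, IP addresses and label names are constructed, and the Apache 2.2-style error.log layout is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Apache 2.2 error.log layout (IPs are documentation ranges).
SAMPLE = r"""[Sat Mar 02 10:15:01 2013] [notice] Apache/2.2.22 (Win32) configured -- resuming normal operations
[Sat Mar 02 10:15:02 2013] [notice] Child 4012: Starting 64 worker threads.
[Sat Mar 02 10:47:13 2013] [error] [client 203.0.113.7] File does not exist: C:\xampp\htdocs\admin
[Sat Mar 02 10:52:40 2013] [error] [client 198.51.100.23] File does not exist: C:\xampp\htdocs\favicon.ico
[Sat Mar 02 11:03:09 2013] [error] [client 203.0.113.7] File does not exist: C:\xampp\htdocs\phpmyadmin
[Sat Mar 02 11:03:11 2013] [error] [client 192.0.2.44] client denied by server configuration: C:\xampp\htdocs\admin
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
NOISE_LEVELS = {"debug", "info", "notice"}        # step 1: levels to remove
HIGHLIGHTS = {"admin-path": r"\htdocs\admin",     # step 2: string from the review
              "flagged-ip": "203.0.113.7"}        # constructed indicator

def triage(text, highlights=HIGHLIGHTS, noise=NOISE_LEVELS):
    """Return (kept, histogram): kept is [(labels, line)], histogram counts kept lines per hour."""
    kept, histogram = [], Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            kept.append((["unparsed"], line))     # never silently drop what we cannot parse
            continue
        if m["level"] in noise:
            continue
        # step 3, "cumulative": every matching highlight applies to the line
        labels = [name for name, needle in highlights.items() if needle in m["msg"]]
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        histogram[when.strftime("%Y-%m-%d %H:00")] += 1
        kept.append((labels, line))
    return kept, histogram

if __name__ == "__main__":
    kept, histogram = triage(SAMPLE)
    for labels, line in kept:
        print(f"{','.join(labels) or '-':24} {line}")
    for hour, count in sorted(histogram.items()):
        print(hour, "#" * count)
```
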




