Skip to content
View el-bakkali's full-sized avatar

Block or report el-bakkali

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
el-bakkali/README.md

Mehdi El Bakkali

I build free, open-source tools that help engineers troubleshoot Azure cloud monitoring and web security — turning hours of investigation into seconds of answers.

I work across cloud observability, edge security, and IoT hardware — building offline-first diagnostic tools, serverless security layers, and DIY smart home devices. Everything I ship is open source, privacy-first, and designed to run at zero cost.

...troubleshooting, fixing things, and building what should already exist.

Featured

Note

Azure Monitor Tools

A curated collection of diagnostic and validation tools for Azure Monitor data collection pipelines — DCR validation, syslog/CEF analysis, AMA network diagnostics, log ingestion troubleshooting, and AI-powered threat hunting.

$\color{#00C853}{\textsf{All free.}}$ $\color{#0078D4}{\textsf{All offline.}}$ $\color{#FF6D00}{\textsf{All open source.}}$

Summary

Important

  • 15 open-source projects across cloud monitoring, edge security, and IoT hardware
  • Privacy and security by default — offline processing, no telemetry, no credentials in code, validated inputs at every boundary
  • Offline-first — every desktop tool works without an internet connection, zero telemetry
  • Zero-dependency builds — custom pcap parsers, syslog/CEF parsers, and packet dissectors from scratch
  • Free tier friendly — Cloudflare Workers, Azure Flex Consumption, and ESP32 boards

Rust C# JS Python PowerShell KQL Bicep

Selected Work

Azure Monitor & Sentinel — Diagnostic and validation tools for Azure's data collection pipeline

When syslog messages aren't arriving, DCRs are silently dropping data, or the Azure Monitor Agent can't connect — these tools tell you exactly what's wrong.

  • dcr-kql-validator — DCR & KQL Transformation Validator

    • Offline desktop tool for validating Data Collection Rules and KQL transformation queries before deployment.
    • Built with Rust + Tauri. ~8 MB binary, 3 direct dependencies, zero network calls.
    • Validates ~90 allowed KQL scalar functions, detects blocked operators, checks TimeGenerated output.

  • SyslogCEFAnalyzer — Syslog & CEF Message Format Analyzer

    • Drop a .pcap or log file — instantly see which messages are valid, malformed, or missing fields.
    • 8 automated diagnostic rules: format detection, PRI validation, RFC 3164/5424, CEF, Cisco ASA/FTD, encoding, transport.
    • TCP stream reassembly, streaming pcap reader (up to 2 GB), drill-down UI. Zero NuGet packages.

  • AMANetworkAnalyzer — AMA Network Trace Analyzer

    • Diagnose Azure Monitor Agent connectivity issues from pcap/pcapng/etl/cab captures.
    • 7 diagnostic rules: endpoint connectivity, DNS resolution, firewall blocking, proxy detection, TLS/cipher compliance, Private Link/AMPLS detection.
    • Supports Azure Commercial, Government, and China sovereign clouds.

  • azure-logs-ingestion-api-troubleshooter — Logs Ingestion API Troubleshooter

    • Step-by-step Bruno API collection for diagnosing DCR stream declaration mismatches, column misalignments, and ingestion failures.
    • Pre-flight schema diff compares your JSON payload against the DCR before sending.
    • Includes a one-command demo environment deployment script.

  • azure-bruteforce-defense — AI-Powered SSH Threat Hunting

    • Conversational threat hunting — ask "Who's attacking my server?" and Azure OpenAI queries your logs and responds with structured analysis.
    • Full-stack: Ubuntu VM with Fail2ban + Azure Functions + Microsoft Sentinel + GPT-4o-mini.
    • Zero hardcoded secrets — all auth via managed identity.

  • cf-log-ingestion — Cloudflare WAF to Azure Log Analytics

    • Automated pipeline: Cloudflare GraphQL API, Python Azure Function, DCR, custom table (23 columns).
    • 42 ready-to-use KQL queries (dashboard, alerts, threat hunting, ML anomaly detection) and a deployable Azure Monitor Workbook.
    • Runs within Azure free tier for low-traffic sites.
Cloudflare Edge Security — Lightweight security tools on Cloudflare Workers (free tier)

Zero JavaScript on the client, zero cookies, zero tracking.

  • cf-bot-guard — Bot Detection & Analytics

    • Scores every visitor 0-100 using 16 detection signals. Classifies ISPs by type (hosting, mobile, residential, education, corporate).
    • Privacy-respecting analytics stored in KV with a built-in 22-panel HTML dashboard. No cookies, no JS, no PII.
    • Transparent proxy — adds intelligence headers (x-bot-score, x-isp-type) without blocking.

  • cf-email-domain-decoy — Decoy Landing Page

    • Cryptic, minimal page for email-only domains with Moroccan geometric CSS art and bot fingerprinting.
    • Zero JavaScript, zero external resources, zero PII exposure. Every path returns identical content.

  • blog-guard — Static Site Path Allowlist

    • Allowlists valid paths via KV and redirects everything else to the homepage — a silent bot trap through the rate limiter.
    • Defence-in-depth: WAF, Bot Fight Mode, Rate Limiting, blog-guard.
ESP32 & Smart Home — DIY hardware projects using ESPHome and Home Assistant

Because paying shop prices for smart home gear is daft.

  • esp32-a1s-sendspin — Multi-Room Audio (11 stars)

    • Working ESPHome config for the ESP32-A1S Audio Kit with Sendspin protocol for synchronised multi-room playback via Music Assistant.

  • esphome-air-quality-monitor — Air Quality Monitor

    • CO2, temperature, humidity & VOC monitoring on the Cheap Yellow Display (ESP32-2432S028) with a custom LVGL touchscreen UI.
    • Memory-optimised for ESP32 without PSRAM (~45-50 KB LVGL footprint).

  • esp-thread-border-router — Thread Border Router

    • ESP32-S3 + W5500 Ethernet module = a Thread Border Router with wired backhaul for about £15.
    • Replaces a £130 Apple HomePod or Google Nest Hub for Matter-over-Thread devices.

  • diy-streaming-key-light — Streaming Key Light

    • A ~£25 bi-colour LED panel with full CCT control (3200K-5600K), Home Assistant integration, and a local web UI.
    • Replaces a £200 Elgato Key Light.

Languages & Tools

Rust C# JS Python PowerShell KQL Bicep

Tauri Cloudflare Workers Azure Functions ESPHome Home Assistant Bruno

Kali Linux Ubuntu Debian pfSense Docker Proxmox Homepage OpenWrt Linux Containers Kubernetes

All projects are MIT licensed. Everything runs offline or on free tiers. No telemetry, ever.

Pinned Loading

  1. AMANetworkAnalyzer AMANetworkAnalyzer Public

    Azure Monitor Agent Network Trace Analyzer - Standalone Windows tool for diagnosing AMA connectivity issues from pcap/pcapng/etl captures

    C# 1 1

  2. azure-logs-ingestion-api-troubleshooter azure-logs-ingestion-api-troubleshooter Public

    Troubleshoot Azure Monitor Logs Ingestion API - DCR stream declaration mismatches, column misalignments, and ingestion failures. Bruno API client collection.

    Bru 1

  3. dcr-kql-validator dcr-kql-validator Public

    Offline desktop tool for validating Azure Monitor Data Collection Rules (DCR) and KQL transformation queries. Built with Rust + Tauri.

    Rust 1

  4. SyslogCEFAnalyzer SyslogCEFAnalyzer Public

    Syslog and CEF Message Format Analyzer for Azure Monitor Agent and Microsoft Sentinel

    C# 1