A syslog ingestion engine that turns your homelab into a queryable log warehouse. Listens on UDP and TCP port 1514, writes to SQLite with FTS5 full-text indexing, and exposes 40+ MCP actions for drilling into errors, correlating events across hosts, tracking AI transcript sessions, detecting abuse patterns, and comparing time ranges. The single `cortex` tool uses an action parameter to switch between `search`, `filter`, `tail`, `anomalies`, `compose_status`, and dozens of other operations. Ships with six infrastructure prompts for incident triage, host health checks, and auth review. Runs as a daemon with an RMCP HTTP server on port 3100 or stdio for local clients. Built in Rust, packaged as a Docker container.
claude mcp add --transport stdio jmagar-cortex uvx cortex