Finfinder.SeqMcpServer
MCP (Model Context Protocol) server for Seq centralized logging platform. Provides AI assistants with tools to query logs, run SQL, list signals, dashboards, alerts, and more.
Ask AI about Finfinder.SeqMcpServer
Powered by Claude Β· Grounded in docs
I know everything about Finfinder.SeqMcpServer. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
Seq MCP Server
A Model Context Protocol (MCP) server that connects AI agents to Seq β a centralized structured logging platform. This server enables LLMs to search log events, execute SQL queries, inspect dashboards, alerts, signals, and more through natural language interactions.
Use Cases
- Log Investigation: Search and filter log events with Seq filter expressions. Let AI help you find errors, trace issues, and analyze patterns across your log data.
- SQL Analytics: Execute SQL queries against your Seq event stream. Aggregate, group, and analyze log data using natural language that translates to Seq SQL.
- Dashboard Inspection: Browse shared dashboards and their chart definitions to understand monitoring configurations.
- Alert Monitoring: Check configured alerts and their current state to quickly assess system health.
- Signal Discovery: List shared signals (saved filters/views) to understand how your team categorizes log data.
- Infrastructure Insights: Retrieve server diagnostics, retention policies, and system metrics for operational awareness.
Prerequisites
- .NET 9.0 SDK or later
- A running Seq instance 2025.1 or later (local or remote)
- An MCP-compatible client (VS Code, Claude Desktop, Cursor, Windsurf, or any other MCP host)
Version Compatibility
Each SeqMcpServer release is built against a specific version of the Seq.Api SDK, which determines the minimum required Seq server version. Choose the MCP server version that matches your Seq installation.
| SeqMcpServer | Seq.Api SDK | Seq API | Min. Seq Server | .NET | Status |
|---|---|---|---|---|---|
| 2.0.1 | 2025.2.2 | v11 | 2025.1+ | 9.0 | Current |
| 2.0.0 | 2025.2.2 | v11 | 2025.1+ | 9.0 | Maintenance |
| 1.1.0 | 2024.3.0 | v10 | 2024.x and earlierΒΉ | 9.0 | Maintenance |
| 1.0.0 | 2024.3.0 | v10 | 2024.x and earlierΒΉ | 9.0 | Maintenance |
ΒΉ The Seq.Api SDK version number follows the Seq server release cycle. SDK 2024.3.0 is tested against Seq 2024.x. Older Seq versions supporting API v10 may also work but are not officially tested.
Tip: Not sure which version to use? If your Seq server is 2025.1 or newer, use SeqMcpServer 2.0.0. For Seq 2024.x or earlier, use SeqMcpServer 1.1.0. The version compatibility table will be updated as new releases target newer Seq API versions.
Getting Started
1. Build the server
git clone <repository-url>
cd src/SeqMcpServer
dotnet build
2. Configure your MCP client
The server communicates over stdio and is configured entirely through environment variables.
VS Code
Add the following to your VS Code MCP settings (.vscode/mcp.json or user settings):
{
"servers": {
"seq": {
"type": "stdio",
"command": "dotnet",
"args": ["run", "--project", "/absolute/path/to/SeqMcpServer"],
"env": {
"SEQ_URL": "http://localhost:5341",
"SEQ_API_KEY": "your-seq-api-key"
}
}
}
}
Claude Desktop
Edit your claude_desktop_config.json:
{
"mcpServers": {
"seq": {
"command": "dotnet",
"args": ["run", "--project", "/absolute/path/to/SeqMcpServer"],
"env": {
"SEQ_URL": "http://localhost:5341",
"SEQ_API_KEY": "your-seq-api-key"
}
}
}
}
Cursor
Add to your Cursor MCP configuration:
{
"mcpServers": {
"seq": {
"command": "dotnet",
"args": ["run", "--project", "/absolute/path/to/SeqMcpServer"],
"env": {
"SEQ_URL": "http://localhost:5341",
"SEQ_API_KEY": "your-seq-api-key"
}
}
}
}
Using a compiled binary
For better startup performance, publish the server first:
dotnet publish -c Release -o ./publish
Then reference the binary directly in your MCP client configuration:
{
"servers": {
"seq": {
"type": "stdio",
"command": "/absolute/path/to/publish/SeqMcpServer.exe",
"env": {
"SEQ_URL": "http://localhost:5341",
"SEQ_API_KEY": "your-seq-api-key"
}
}
}
}
Configuration
The server is configured exclusively through environment variables β no configuration files are needed.
| Variable | Required | Default | Description |
|---|---|---|---|
SEQ_URL | No | http://localhost:5341 | Base URL of your Seq instance |
SEQ_API_KEY | No | (none) | Seq API key for authentication. If omitted, connects without authentication |
Note: Startup diagnostics (including the server version and authentication status) are written to
stderrfor visibility without interfering with the MCP stdio transport.
Available Tools
The server exposes 8 MCP tools that provide comprehensive access to Seq functionality:
Log Querying
| Tool | Description |
|---|---|
seq_query_logs | Search Seq log events using filter expressions |
seq_run_sql | Execute SQL queries against Seq log data |
Configuration & Monitoring
| Tool | Description |
|---|---|
seq_list_signals | List shared signals (saved filters/views) |
seq_list_dashboards | List shared dashboards with chart definitions |
seq_get_alerts | Get configured alerts and their current state |
seq_get_retention | Get retention policies configured in Seq |
Server Information
| Tool | Description |
|---|---|
seq_get_diagnostics | Get Seq server diagnostics and system metrics |
seq_get_version | Get MCP server version and runtime information |
Tool Reference
seq_query_logs
Search Seq log events using a filter expression. Returns matching events with timestamps, levels, messages, and properties.
Parameters:
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
filter | string | No | "" | Seq filter expression (e.g., @Level = "Error", Application = "MyApp"). Leave empty for all events. |
count | int | No | 50 | Maximum number of events to return (1β500) |
fromUtc | string | No | Last 24 hours | ISO 8601 start time (e.g., 2025-01-15T00:00:00Z) |
toUtc | string | No | Now | ISO 8601 end time |
Example prompts:
- "Show me the last 10 error logs"
- "Find all logs from the PaymentService in the last hour"
- "Search for logs containing 'timeout' with level Warning or Error"
seq_run_sql
Execute a SQL query against Seq log data using standard Seq SQL syntax.
Parameters:
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
query | string | Yes | β | SQL query to execute (e.g., select count(*) from stream group by @Level) |
fromUtc | string | No | Last 24 hours | ISO 8601 range start |
toUtc | string | No | Now | ISO 8601 range end |
Safety: A
LIMIT 1000clause is automatically appended if no limit is specified to prevent excessive data retrieval.
Example prompts:
- "Count log events grouped by level for the last 24 hours"
- "Show the top 10 most frequent error messages this week"
- "What is the average response time per endpoint?"
seq_list_signals
List all shared signals (saved log filters/views) defined in Seq.
No parameters required.
Returns: Signal ID, title, description, and filter expressions for each shared signal.
seq_list_dashboards
List all shared dashboards configured in Seq with their chart definitions.
No parameters required.
Returns: Dashboard ID, title, and nested chart definitions including queries with filter and group-by clauses.
seq_get_alerts
Get all configured alerts and their current state from Seq.
No parameters required.
Returns: Alert state data including configuration and current trigger status.
seq_get_retention
Get all retention policies configured in Seq, showing how long log data is kept.
No parameters required.
Returns: Policy ID, retention period (in days), and associated signal expressions.
seq_get_diagnostics
Get Seq server diagnostics including ingestion status, storage usage, and system metrics.
No parameters required.
Returns: Comprehensive diagnostics report with ingestion, storage, and system health metrics.
seq_get_version
Get the MCP server version, name, and runtime information.
No parameters required.
Returns: Server name, version number, and .NET runtime description.
Architecture
SeqMcpServer/
βββ Program.cs # Entry point, DI registration, MCP server setup
βββ VersionInfo.cs # Assembly-based version resolution
βββ Tools/
βββ JsonDefaults.cs # Shared JSON serialization options
βββ QueryLogsTool.cs # seq_query_logs β event search
βββ SqlQueryTool.cs # seq_run_sql β SQL queries
βββ SignalsTool.cs # seq_list_signals
βββ DashboardsTool.cs # seq_list_dashboards
βββ AlertsTool.cs # seq_get_alerts
βββ RetentionPoliciesTool.cs # seq_get_retention
βββ DiagnosticsTool.cs # seq_get_diagnostics
βββ VersionTool.cs # seq_get_version
- Transport: stdio (standard input/output)
- Tool discovery: Automatic via
[McpServerToolType]and[McpServerTool]attributes - Seq integration: SDK-first approach β Seq.Api SDK for typed access (7 tools), named
HttpClientfor raw API endpoints (1 tool) - Error handling: All tools return JSON-serialized errors β no exceptions propagate to the MCP host
Security Considerations
SeqMcpServer acts as a transparent proxy between the AI agent (LLM) and the Seq API. User-provided SQL queries (seq_run_sql) and filter expressions (seq_query_logs) are forwarded to Seq without server-side sanitization. This is by design:
- Seq SQL is read-only β the Seq query language supports only
SELECTstatements and aggregations over the event stream. There are no DML operations (INSERT, UPDATE, DELETE) or DDL operations (CREATE, DROP, ALTER). - Authorization is enforced by Seq β the Seq server controls access based on the API key permissions. The MCP server does not implement its own authorization layer.
- Built-in guardrails β the MCP server automatically appends
LIMIT 1000to SQL queries that lack a limit clause and clamps the event count to 1β500 for log queries, preventing excessive data retrieval.
Recommendation: Always use a Seq API key with the minimum required permissions (principle of least privilege). If the key only needs read access to logs, do not grant administrative or write permissions. See the Seq API key documentation for details on configuring key permissions.
Tech Stack
| Component | Version |
|---|---|
| .NET | 9.0 |
| ModelContextProtocol | 0.1.0-preview.9 |
| Seq.Api | 2025.2.2 |
| Microsoft.Extensions.Hosting | 9.0.0 |
| Microsoft.Extensions.Http | 9.0.0 |
For a detailed mapping of SeqMcpServer versions to Seq server compatibility, see Version Compatibility.
Testing
The project includes unit tests and integration tests.
Unit tests
dotnet test SeqMcpServer.Tests.Unit
No external dependencies required β runs entirely in-process with mocked HTTP handlers.
Integration tests
dotnet test SeqMcpServer.Tests.Integration
Requires Docker β Testcontainers automatically starts a datalust/seq:2025.2 container, seeds test data, runs all tests, and cleans up.
All tests
dotnet test
Code Quality
This project is continuously analyzed by SonarCloud for code quality and security.
- CI-based analysis: The
sonar.ymlworkflow runs SonarScanner for .NET on every push tomain, version branches, and pull requests. - Code coverage: Unit and integration tests generate OpenCover coverage reports via coverlet, which are uploaded to SonarCloud for coverage analysis and PR decoration.
- PR decoration: SonarCloud automatically posts analysis results as comments on pull requests, including new issues, quality gate status, and coverage changes.
- Quality Gate: The project uses the "Sonar way" quality gate β new code must pass all conditions before merging.
SonarQube for IDE (Real-time Analysis)
SonarQube for IDE (formerly SonarLint) provides real-time code analysis directly in VS Code. With Connected Mode, it synchronizes the Quality Profile from SonarCloud, ensuring the same rules are applied locally and in CI.
Requirements: Java 17+, SonarCloud account with access to the finfinder organization.
Installation:
- Install the extension from VS Code Marketplace: search for "SonarQube for IDE" or run:
code --install-extension SonarSource.sonarlint-vscode - Open this project in VS Code. The extension will detect the
.sonarlint/connectedMode.jsonshared binding and prompt you to configure Connected Mode. - Click "Use Configuration" when prompted, then provide your User Token.
- To generate a User Token, go to SonarCloud Security and create a new token (type: User Token).
Important: Your User Token is personal and must not be committed to the repository. Each developer generates their own token.
What Connected Mode provides:
- Synchronized Quality Profile rules from SonarCloud
- Suppression of issues marked as Accepted/False Positive on the server
- Focus on new code analysis
- Smart notifications about Quality Gate changes
- Branch awareness compatible with the project's versioned branch model
SonarQube MCP Server (Optional)
The SonarQube MCP Server enables AI agents (GitHub Copilot) to query SonarCloud analysis results directly from VS Code. This integration is used by the code-reviewer and software-engineer agents.
Requirements: Docker
Add the following to your .vscode/mcp.json:
{
"servers": {
"sonarqube": {
"command": "docker",
"args": ["run", "-i", "--rm",
"-e", "SONAR_TOKEN",
"-e", "SONAR_HOST_URL=https://sonarcloud.io",
"-e", "SONAR_ORGANIZATION=finfinder",
"mcp/sonarqube"
],
"env": {
"SONAR_TOKEN": "${input:sonarToken}"
}
}
}
}
To generate a SONAR_TOKEN, go to SonarCloud Security and create a new token with Execute Analysis scope.
Contributing
Contributions are welcome! Please read CONTRIBUTING.md for guidelines on how to get started.
Security
To report a security vulnerability, please see SECURITY.md for instructions.
Changelog
See CHANGELOG.md for a detailed history of changes.
License
This project is licensed under the MIT License.