diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..bae6fa5
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,47 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [main, master, develop, regression-audit]
+    paths-ignore:
+      - "**/*.php"
+      - "**/*.md"
+  pull_request:
+    branches: [main, master, develop, regression-audit]
+    paths-ignore:
+      - "**/*.php"
+      - "**/*.md"
+  schedule:
+    - cron: "30 1 * * 1"
+  workflow_dispatch:
+
+concurrency:
+  group: codeql-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript-typescript", "python", "ruby"]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+        with:
+          languages: ${{ matrix.language }}
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+        with:
+          category: "/language:${{ matrix.language }}"
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..bf352f7
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,18 @@
+{
+    "name": "cacti/plugin_syslog",
+    "description": "plugin_syslog plugin for Cacti",
+    "license": "GPL-2.0-or-later",
+    "require-dev": {
+        "pestphp/pest": "^1.23"
+    },
+    "config": {
+        "allow-plugins": {
+            "pestphp/pest-plugin": true
+        }
+    },
+    "autoload-dev": {
+        "files": [
+            "tests/bootstrap.php"
+        ]
+    }
+}
diff --git a/tests/Pest.php b/tests/Pest.php
new file mode 100644
index 0000000..e2132a3
--- /dev/null
+++ b/tests/Pest.php
@@ -0,0 +1,14 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Pest configuration file.
+ */
+
+require_once __DIR__ . '/bootstrap.php';
diff --git a/tests/Security/Php74CompatibilityTest.php b/tests/Security/Php74CompatibilityTest.php
new file mode 100644
index 0000000..98796b6
--- /dev/null
+++ b/tests/Security/Php74CompatibilityTest.php
@@ -0,0 +1,106 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Verify plugin source files do not use PHP 8.0+ syntax.
+ * Cacti 1.2.x plugins must remain compatible with PHP 7.4.
+ */
+
+describe('PHP 7.4 compatibility in syslog', function () {
+	$files = array(
+		'database.php',
+		'functions.php',
+		'setup.php',
+		'syslog.php',
+		'syslog_alerts.php',
+		'syslog_process.php',
+		'syslog_removal.php',
+		'syslog_reports.php',
+	);
+
+	it('does not use str_contains (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\bstr_contains\s*\(/', $contents))->toBe(0,
+				"{$relativeFile} uses str_contains() which requires PHP 8.0"
+			);
+		}
+	});
+
+	it('does not use str_starts_with (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\bstr_starts_with\s*\(/', $contents))->toBe(0,
+				"{$relativeFile} uses str_starts_with() which requires PHP 8.0"
+			);
+		}
+	});
+
+	it('does not use str_ends_with (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\bstr_ends_with\s*\(/', $contents))->toBe(0,
+				"{$relativeFile} uses str_ends_with() which requires PHP 8.0"
+			);
+		}
+	});
+
+	it('does not use nullsafe operator (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\?->/', $contents))->toBe(0,
+				"{$relativeFile} uses nullsafe operator which requires PHP 8.0"
+			);
+		}
+	});
+});
diff --git a/tests/Security/PreparedStatementConsistencyTest.php b/tests/Security/PreparedStatementConsistencyTest.php
new file mode 100644
index 0000000..0b333b0
--- /dev/null
+++ b/tests/Security/PreparedStatementConsistencyTest.php
@@ -0,0 +1,64 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Verify migrated files use prepared DB helpers exclusively.
+ * Catches regressions where raw db_execute/db_fetch_* calls creep back in.
+ */
+
+describe('prepared statement consistency in syslog', function () {
+	it('uses prepared DB helpers in all plugin files', function () {
+		$targetFiles = array(
+		'database.php',
+		'functions.php',
+		'setup.php',
+		'syslog.php',
+		'syslog_alerts.php',
+		'syslog_process.php',
+		'syslog_removal.php',
+		'syslog_reports.php',
+		);
+
+		$rawPattern = '/\bdb_(?:execute|fetch_row|fetch_assoc|fetch_cell)\s*\(/';
+		$preparedPattern = '/\bdb_(?:execute|fetch_row|fetch_assoc|fetch_cell)_prepared\s*\(/';
+
+		foreach ($targetFiles as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			$lines = explode("\n", $contents);
+			$rawCallsOutsideComments = 0;
+
+			foreach ($lines as $line) {
+				$trimmed = ltrim($line);
+
+				if (strpos($trimmed, '//') === 0 || strpos($trimmed, '*') === 0 || strpos($trimmed, '#') === 0) {
+					continue;
+				}
+
+				if (preg_match($rawPattern, $line) && !preg_match($preparedPattern, $line)) {
+					$rawCallsOutsideComments++;
+				}
+			}
+
+			expect($rawCallsOutsideComments)->toBe(0,
+				"File {$relativeFile} contains raw (unprepared) DB calls"
+			);
+		}
+	});
+});
diff --git a/tests/Security/SetupStructureTest.php b/tests/Security/SetupStructureTest.php
new file mode 100644
index 0000000..c8d6bac
--- /dev/null
+++ b/tests/Security/SetupStructureTest.php
@@ -0,0 +1,36 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Verify setup.php defines required plugin hooks and info function.
+ */
+
+describe('syslog setup.php structure', function () {
+	$source = file_get_contents(realpath(__DIR__ . '/../../setup.php'));
+
+	it('defines plugin_syslog_install function', function () use ($source) {
+		expect($source)->toContain('function plugin_syslog_install');
+	});
+
+	it('defines plugin_syslog_version function', function () use ($source) {
+		expect($source)->toContain('function plugin_syslog_version');
+	});
+
+	it('defines plugin_syslog_uninstall function', function () use ($source) {
+		expect($source)->toContain('function plugin_syslog_uninstall');
+	});
+
+	it('returns version array with name key', function () use ($source) {
+		expect($source)->toMatch('/[\'\""]name[\'\""]\s*=>/');
+	});
+
+	it('returns version array with version key', function () use ($source) {
+		expect($source)->toMatch('/[\'\""]version[\'\""]\s*=>/');
+	});
+});
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
new file mode 100644
index 0000000..0aa22f2
--- /dev/null
+++ b/tests/bootstrap.php
@@ -0,0 +1,200 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Test bootstrap: stub Cacti framework functions so plugin code
+ * can be loaded in isolation without the full Cacti application.
+ */
+
+$GLOBALS['__test_db_calls'] = array();
+
+if (!function_exists('db_execute')) {
+	function db_execute($sql) {
+		$GLOBALS['__test_db_calls'][] = array('fn' => 'db_execute', 'sql' => $sql, 'params' => array());
+		return true;
+	}
+}
+
+if (!function_exists('db_execute_prepared')) {
+	function db_execute_prepared($sql, $params = array()) {
+		$GLOBALS['__test_db_calls'][] = array('fn' => 'db_execute_prepared', 'sql' => $sql, 'params' => $params);
+		return true;
+	}
+}
+
+if (!function_exists('db_fetch_assoc')) {
+	function db_fetch_assoc($sql) {
+		return array();
+	}
+}
+
+if (!function_exists('db_fetch_assoc_prepared')) {
+	function db_fetch_assoc_prepared($sql, $params = array()) {
+		return array();
+	}
+}
+
+if (!function_exists('db_fetch_row')) {
+	function db_fetch_row($sql) {
+		return array();
+	}
+}
+
+if (!function_exists('db_fetch_row_prepared')) {
+	function db_fetch_row_prepared($sql, $params = array()) {
+		return array();
+	}
+}
+
+if (!function_exists('db_fetch_cell')) {
+	function db_fetch_cell($sql) {
+		return '';
+	}
+}
+
+if (!function_exists('db_fetch_cell_prepared')) {
+	function db_fetch_cell_prepared($sql, $params = array()) {
+		return '';
+	}
+}
+
+if (!function_exists('db_index_exists')) {
+	function db_index_exists($table, $index) {
+		return false;
+	}
+}
+
+if (!function_exists('db_column_exists')) {
+	function db_column_exists($table, $column) {
+		return false;
+	}
+}
+
+if (!function_exists('api_plugin_db_add_column')) {
+	function api_plugin_db_add_column($plugin, $table, $data) {
+		return true;
+	}
+}
+
+if (!function_exists('api_plugin_db_table_create')) {
+	function api_plugin_db_table_create($plugin, $table, $data) {
+		return true;
+	}
+}
+
+if (!function_exists('read_config_option')) {
+	function read_config_option($name, $force = false) {
+		return '';
+	}
+}
+
+if (!function_exists('set_config_option')) {
+	function set_config_option($name, $value) {
+	}
+}
+
+if (!function_exists('html_escape')) {
+	function html_escape($string) {
+		return htmlspecialchars($string, ENT_QUOTES | ENT_HTML5, 'UTF-8');
+	}
+}
+
+if (!function_exists('__')) {
+	function __($text, $domain = '') {
+		return $text;
+	}
+}
+
+if (!function_exists('__esc')) {
+	function __esc($text, $domain = '') {
+		return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
+	}
+}
+
+if (!function_exists('cacti_log')) {
+	function cacti_log($message, $also_print = false, $log_type = '', $level = 0) {
+	}
+}
+
+if (!function_exists('cacti_sizeof')) {
+	function cacti_sizeof($array) {
+		return is_array($array) ? count($array) : 0;
+	}
+}
+
+if (!function_exists('is_realm_allowed')) {
+	function is_realm_allowed($realm) {
+		return true;
+	}
+}
+
+if (!function_exists('raise_message')) {
+	function raise_message($id, $text = '', $level = 0) {
+	}
+}
+
+if (!function_exists('get_request_var')) {
+	function get_request_var($name) {
+		return '';
+	}
+}
+
+if (!function_exists('get_nfilter_request_var')) {
+	function get_nfilter_request_var($name) {
+		return '';
+	}
+}
+
+if (!function_exists('get_filter_request_var')) {
+	function get_filter_request_var($name) {
+		return '';
+	}
+}
+
+if (!function_exists('form_input_validate')) {
+	function form_input_validate($value, $name, $regex, $optional, $error) {
+		return $value;
+	}
+}
+
+if (!function_exists('is_error_message')) {
+	function is_error_message() {
+		return false;
+	}
+}
+
+if (!function_exists('sql_save')) {
+	function sql_save($array, $table, $key = 'id') {
+		return isset($array['id']) ? $array['id'] : 1;
+	}
+}
+
+if (!defined('CACTI_PATH_BASE')) {
+	define('CACTI_PATH_BASE', '/var/www/html/cacti');
+}
+
+if (!defined('POLLER_VERBOSITY_LOW')) {
+	define('POLLER_VERBOSITY_LOW', 2);
+}
+
+if (!defined('POLLER_VERBOSITY_MEDIUM')) {
+	define('POLLER_VERBOSITY_MEDIUM', 3);
+}
+
+if (!defined('POLLER_VERBOSITY_DEBUG')) {
+	define('POLLER_VERBOSITY_DEBUG', 5);
+}
+
+if (!defined('POLLER_VERBOSITY_NONE')) {
+	define('POLLER_VERBOSITY_NONE', 6);
+}
+
+if (!defined('MESSAGE_LEVEL_ERROR')) {
+	define('MESSAGE_LEVEL_ERROR', 1);
+}