From e96a8b03fc0ba6ce21c9307e120838c0235426d3 Mon Sep 17 00:00:00 2001 
From: rpert Date: Fri, 10 Apr 2026 21:49:17 +0000 Subject: [PATCH] Initial cross-server log inventory + anomaly scan - 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux) - discover-logs.sh: portable inventory (Linux/FreeBSD/Termux) - scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl - run-all.sh: parallel SSH fan-out - build-summary.py: aggregates into reports/SUMMARY.md - 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings) --- README.md | 51 ++++++++++- anomalies/ams.txt | 31 +++++++ anomalies/ams2.txt | 25 ++++++ anomalies/ca1.txt | 41 +++++++++ anomalies/ca2.txt | 41 +++++++++ anomalies/ca3.txt | 42 +++++++++ anomalies/fr1.txt | 43 ++++++++++ anomalies/mo1.txt | 79 +++++++++++++++++ anomalies/ro1.txt | 65 ++++++++++++++ anomalies/sony.txt | 140 ++++++++++++++++++++++++++++++ anomalies/termux.txt | 7 ++ logs/inventory/ams.csv | 31 +++++++ logs/inventory/ams2.csv | 73 ++++++++++++++++ logs/inventory/ca1.csv | 92 ++++++++++++++++++++ logs/inventory/ca2.csv | 48 +++++++++++ logs/inventory/ca3.csv | 9 ++ logs/inventory/fr1.csv | 106 +++++++++++++++++++++++ logs/inventory/mo1.csv | 50 +++++++++++ logs/inventory/ro1.csv | 59 +++++++++++++ logs/inventory/sony.csv | 128 ++++++++++++++++++++++++++++ logs/inventory/termux.csv | 29 +++++++ reports/SUMMARY.md | 87 +++++++++++++++++++ scripts/build-summary.py | 174 ++++++++++++++++++++++++++++++++++++++ scripts/discover-logs.sh | 51 +++++++++++ scripts/run-all.sh | 63 ++++++++++++++ scripts/scan-anomalies.sh | 72 ++++++++++++++++ 26 files changed, 1636 insertions(+), 1 deletion(-) create mode 100644 anomalies/ams.txt create mode 100644 anomalies/ams2.txt create mode 100644 anomalies/ca1.txt create mode 100644 anomalies/ca2.txt create mode 100644 anomalies/ca3.txt create mode 100644 anomalies/fr1.txt create mode 100644 anomalies/mo1.txt create mode 100644 anomalies/ro1.txt create mode 100644 anomalies/sony.txt create mode 100644 anomalies/termux.txt 
create mode 100644 logs/inventory/ams.csv create mode 100644 logs/inventory/ams2.csv create mode 100644 logs/inventory/ca1.csv create mode 100644 logs/inventory/ca2.csv create mode 100644 logs/inventory/ca3.csv create mode 100644 logs/inventory/fr1.csv create mode 100644 logs/inventory/mo1.csv create mode 100644 logs/inventory/ro1.csv create mode 100644 logs/inventory/sony.csv create mode 100644 logs/inventory/termux.csv create mode 100644 reports/SUMMARY.md create mode 100644 scripts/build-summary.py create mode 100755 scripts/discover-logs.sh create mode 100755 scripts/run-all.sh create mode 100755 scripts/scan-anomalies.sh
diff --git a/README.md b/README.md
index a7f74ca..4633b04 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,52 @@
 # log_analysis
-Cross-server log inventory and anomaly reports
\ No newline at end of file
+Cross-server log inventory and anomaly scanning across the rpert infrastructure
+(10 hosts: mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux).
+
+## Layout
+
+```
+log_analysis/
+├── README.md
+├── scripts/
+│ ├── discover-logs.sh # portable log inventory (Linux/FreeBSD/Termux)
+│ ├── scan-anomalies.sh # ERROR/WARN/CRITICAL counts + journalctl scan
+│ └── run-all.sh # fan out both scripts to every host via SSH
+├── logs/
+│ └── inventory/.csv # path,size_bytes,mtime,service
+├── anomalies/
+│ └── .txt # raw anomaly findings per host
+└── reports/
+ └── SUMMARY.md # cross-host roll-up + recommendations
+```
+
+## Hosts
+
+| Host | OS | SSH |
+|---------|----------|---------------------------|
+| mo1 | Debian | local |
+| ams | FreeBSD | `ssh ams` (sudo -n) |
+| ams2 | FreeBSD | `ssh ams2` (sudo -n) |
+| ro1 | FreeBSD | `ssh ro1` (sudo -n) |
+| ca1 | Ubuntu | `ssh ca1` |
+| ca2 | Debian | `ssh ca2` |
+| ca3 | Debian | `ssh -p 15120 ca3` |
+| fr1 | Ubuntu | `ssh fr1` |
+| sony | Debian | `ssh sony` (laptop) |
+| termux | Android | `ssh -p 8022 termux` |
+
+## Usage
+
+```bash
+./scripts/run-all.sh # discovery + anomaly scan, all hosts
+git add -A && git commit -m "refresh $(date -I)" && git push
+```
+
+Reports land in `reports/SUMMARY.md`.
+
+## Notes
+
+- FreeBSD hosts use `sudo -n` + `BatchMode=yes` (per memory).
+- Discovery uses `locate`/`plocate` where available, falls back to scanning
+ `/var/log` with `du`. `find` is avoided per project preference.
+- Sony and Termux may be offline; the runner skips unreachable hosts.
diff --git a/anomalies/ams.txt b/anomalies/ams.txt
new file mode 100644
index 0000000..55e5e96
--- /dev/null
+++ b/anomalies/ams.txt
@@ -0,0 +1,31 @@
+=== Anomaly scan: ams.3z8.pw (2026-04-10T21:46:07Z) ===
+
+--- recent log files (mtime < 7d) ---
+/var/log/borg-backup.log errors=21 warns=0 size=6198346
+ > M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ > M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
+ > [2026-03-12 02:00:01] BACKUP FAILED with exit code 2
+ > [2026-03-13 02:00:01] BACKUP FAILED with exit code 2
+ > [2026-03-14 02:00:01] BACKUP FAILED with exit code 2
+/var/log/debug.log.0.bz2 errors=1 warns=0 size=55238
+ > Binary file (standard input) matches
+
+--- /var/log disk usage ---
+ 13M /var/log
+ 92K /var/log/maillog.4.bz2
+ 96K /var/log/maillog.3.bz2
+104K /var/log/maillog.6.bz2
+108K /var/log/maillog.2.bz2
+120K /var/log/debug.log
+120K /var/log/maillog.1.bz2
+124K /var/log/maillog.0.bz2
+340K /var/log/cron
+344K /var/log/messages
+512K /var/log/bsdinstall_log
+512K /var/log/utx.log.1
+672K /var/log/auth.log
+928K /var/log/letsencrypt
+1.3M /var/log/maillog
+6.0M /var/log/borg-backup.log
+
+--- top 15 largest files under /var/log ---
diff --git a/anomalies/ams2.txt b/anomalies/ams2.txt
new file mode 100644
index 0000000..9761752
--- /dev/null
+++ b/anomalies/ams2.txt
@@ -0,0 +1,25 @@
+=== Anomaly scan: ams2.3z8.pw (2026-04-10T21:45:59Z) ===
+
+--- recent log files (mtime < 7d) ---
+/var/log/borg/cron.log errors=1 warns=0 size=265522
+ > M /etc/periodic/security/520.pfdenied
+
+--- /var/log disk usage ---
+7.7M /var/log
+ 68K /var/log/auth.log.6.bz2
+ 72K /var/log/auth.log.0.bz2
+ 72K /var/log/auth.log.3.bz2
+ 72K /var/log/auth.log.4.bz2
+ 72K /var/log/auth.log.5.bz2
+ 76K /var/log/bsdinstall_log
+ 84K /var/log/maillog.2.bz2
+160K /var/log/cron
+628K /var/log/borg
+640K /var/log/maillog
+672K /var/log/debug.log
+704K /var/log/auth.log
+704K /var/log/daemon.log
+704K /var/log/messages
+1.6M /var/log/letsencrypt
+
+--- top 15 largest files under /var/log ---
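Review bot: The `errors=` counts in anomalies/ams.txt are inflated by path names rather than log events: two of the five samples under /var/log/borg-backup.log are borg file-status lines (`M .../HTTP_INTERNAL_SERVER_ERROR.html.var`), and /var/log/debug.log.0.bz2 is reported as `Binary file (standard input) matches`, which suggests the compressed file was pattern-matched without being decompressed. The same effect appears in anomalies/ams2.txt (`M /etc/periodic/security/520.pfdenied`) and in the borg samples of anomalies/ro1.txt. scan-anomalies.sh is not visible in this part of the patch, so this is inferred from its output; matching the severity keyword as a delimited token at the log-level position, and skipping or decompressing `.bz2`/`.gz` files before counting, would remove most of this noise. As it stands, the one real signal in this file, the repeated `BACKUP FAILED with exit code 2`, is reported at the same weight as file names.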
diff --git a/anomalies/ca1.txt b/anomalies/ca1.txt
new file mode 100644
index 0000000..4a68166
--- /dev/null
+++ b/anomalies/ca1.txt
@@ -0,0 +1,41 @@
+=== Anomaly scan: ca1.rspworks.tech (2026-04-10T21:46:10Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+-- No entries --
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+372M /var/log
+852K /var/log/ufw.log.2.gz
+1.3M /var/log/syslog.3.gz
+1.4M /var/log/syslog.2.gz
+1.6M /var/log/auth.log
+1.7M /var/log/mail.log
+3.4M /var/log/auth.log.1
+6.1M /var/log/kern.log
+6.1M /var/log/sysstat
+6.1M /var/log/ufw.log
+7.3M /var/log/ufw.log.1
+7.4M /var/log/kern.log.1
+7.9M /var/log/btmp.1
+8.7M /var/log/syslog
+9.5M /var/log/syslog.1
+296M /var/log/journal
+
+--- top 15 largest files under /var/log ---
+ 440136579 /var/log
+ 360710144 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8
+ 360710144 /var/log/journal
+ 58720256 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@ab13cdfa37454491a79434767401386e-00000000003adb5c-00064cb3c1ed363d.journal
+ 58720256 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@9e6ecb5b9f514c72a5570e68825ad6a7-00000000003ca351-00064d43484e2748.journal
+ 50331648 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@fec4a914b99c4953ab02aad708666ef9-00000000003f6f27-00064e81484ba094.journal
+ 50331648 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@9e6ecb5b9f514c72a5570e68825ad6a7-00000000003defff-00064ddfb0de2946.journal
+ 25165824 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@9e6ecb5b9f514c72a5570e68825ad6a7-00000000003f15ad-00064e58095423d3.journal
+ 25165824 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@00064d3b8778fc5f-b4dcd1bdd4b96ecb.journal~
+ 9868554 /var/log/syslog.1
+ 9053714 /var/log/syslog
+ 8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000.journal
+ 8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000@fec4a914b99c4953ab02aad708666ef9-00000000003f6f26-00064e81484b121d.journal
+ 8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000@ab13cdfa37454491a79434767401386e-00000000003c27c9-00064d143295a90c.journal
+ 8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000@ab13cdfa37454491a79434767401386e-00000000003afdc3-00064cc380be60fc.journal
diff --git a/anomalies/ca2.txt b/anomalies/ca2.txt
new file mode 100644
index 0000000..310fcba
--- /dev/null
+++ b/anomalies/ca2.txt
@@ -0,0 +1,41 @@
+=== Anomaly scan: ip-51-79-3-199 (2026-04-10T21:46:10Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+-- No entries --
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+463M /var/log
+532K /var/log/syslog.3.gz
+576K /var/log/ufw.log.4.gz
+844K /var/log/auth.log.3.gz
+1.1M /var/log/kern.log.3.gz
+1.1M /var/log/kern.log.4.gz
+1.1M /var/log/syslog.4.gz
+1.1M /var/log/ufw.log.2.gz
+1.1M /var/log/ufw.log.3.gz
+1.2M /var/log/btmp
+1.6M /var/log/auth.log
+1.6M /var/log/auth.log.4.gz
+3.3M /var/log/auth.log.1
+3.8M /var/log/ufw.log.1
+33M /var/log/btmp.1
+409M /var/log/journal
+
+--- top 15 largest files under /var/log ---
+ 485391370 /var/log
+ 428663992 /var/log/journal
+ 428659896 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6
+ 45110984 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-00000000000292e8-00064c3d93bf6cf5.journal
+ 44732968 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000037922-00064c84af763c31.journal
+ 44467312 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000053500-00064d0111ffd3c7.journal
+ 44453136 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000045881-00064cc7fd5e30a1.journal
+ 43759864 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000000be2-00064b9f844d6876.journal
+ 43717416 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-000000000001be8a-00064bffa0a97a8a.journal
+ 43173456 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-000000000000eb50-00064bcebd787df5.journal
+ 41980912 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-00000000000612ff-00064d4e811ecc56.journal
+ 34127232 /var/log/btmp.1
+ 25165824 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system.journal
+ 8388608 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/user-1001.journal
+ 4543296 /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/user-1001@de6260ca127840deab7e231baa6cfc8a-000000000006158d-00064d54160e10b6.journal
diff --git a/anomalies/ca3.txt b/anomalies/ca3.txt
new file mode 100644
index 0000000..e15173e
--- /dev/null
+++ b/anomalies/ca3.txt
@@ -0,0 +1,42 @@
+=== Anomaly scan: ca3.3z8.pw (2026-04-10T21:46:10Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+-- Journal begins at Sat 2026-03-21 16:10:27 UTC, ends at Fri 2026-04-10 21:46:10 UTC. --
+-- No entries --
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+41M /var/log
+0 /var/log/btmp
+4.0K /var/log/auth.log
+4.0K /var/log/debug
+4.0K /var/log/messages
+4.0K /var/log/private
+8.0K /var/log/alternatives.log
+8.0K /var/log/faillog
+8.0K /var/log/lastlog
+8.0K /var/log/runit
+12K /var/log/wtmp
+28K /var/log/daemon.log
+32K /var/log/syslog
+100K /var/log/apt
+136K /var/log/dpkg.log
+41M /var/log/journal
+
+--- top 15 largest files under /var/log ---
+ 42593888 /var/log
+ 41951232 /var/log/journal
+ 41947136 /var/log/journal/55590223568e4ab1b9338e2426cfb245
+ 25165824 /var/log/journal/55590223568e4ab1b9338e2426cfb245/system.journal
+ 8388608 /var/log/journal/55590223568e4ab1b9338e2426cfb245/user-1000.journal
+ 8388608 /var/log/journal/55590223568e4ab1b9338e2426cfb245/system@83232735e3e24ff5ace21763d35e7781-0000000000000001-000610a6d481f748.journal
+ 292292 /var/log/lastlog
+ 137512 /var/log/dpkg.log
+ 91195 /var/log/apt
+ 63092 /var/log/apt/term.log
+ 32032 /var/log/faillog
+ 28775 /var/log/syslog
+ 28345 /var/log/daemon.log
+ 12428 /var/log/apt/eipp.log.xz
+ 11579 /var/log/apt/history.log
diff --git a/anomalies/fr1.txt b/anomalies/fr1.txt
new file mode 100644
index 0000000..2c6614a
--- /dev/null
+++ b/anomalies/fr1.txt
@@ -0,0 +1,43 @@
+=== Anomaly scan: fr1.3z8.pw (2026-04-10T21:46:42Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+-- No entries --
+
+--- kubectl get events --all-namespaces (warnings) ---
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+2.3G /var/log
+2.3M /var/log/mail.log.1
+2.4M /var/log/borg-backup.log
+2.8M /var/log/borg
+2.9M /var/log/syslog.3.gz
+3.0M /var/log/auth.log.1
+3.8M /var/log/syslog.2.gz
+5.2M /var/log/postfix.log
+6.1M /var/log/kern.log
+6.1M /var/log/ufw.log
+7.3M /var/log/ufw.log.1
+7.4M /var/log/kern.log.1
+13M /var/log/btmp.1
+38M /var/log/syslog
+47M /var/log/syslog.1
+2.2G /var/log/journal
+
+--- top 15 largest files under /var/log ---
+2424100146 /var/log
+2256551936 /var/log/journal
+2256547840 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a63802-00064ee25f15ebf5.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a486e1-00064ebf45be6c08.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a2d51d-00064e9ca8d04650.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a11a97-00064e79b0d30b2f.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-00000000009f4c9f-00064e56b4e1c853.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-00000000009d71f8-00064e33e5548a49.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-00000000009ba218-00064e112c8993aa.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-000000000099c686-00064def3633af5b.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-000000000097e720-00064dcc67deca0d.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000961320-00064da9dc769b56.journal
+ 125829120 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000941583-00064d8712b97fc5.journal
+ 109051904 /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/system@32d91142d7d0427bb5e4c170c7a73604-0000000000917d56-00064d56478ea870.journal
diff --git a/anomalies/mo1.txt b/anomalies/mo1.txt
new file mode 100644
index 0000000..e22afee
--- /dev/null
+++ b/anomalies/mo1.txt
@@ -0,0 +1,79 @@
+=== Anomaly scan: mo1.3z8.pw (2026-04-10T21:46:10Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+Apr 09 23:02:18 mo1.3z8.pw sudo[1989355]: pam_unix(sudo:auth): conversation failed
+Apr 09 23:02:18 mo1.3z8.pw sudo[1989355]: pam_unix(sudo:auth): auth could not identify password for [rpert]
+Apr 09 23:16:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 09 23:33:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 09 23:59:51 mo1.3z8.pw sudo[4140045]: pam_unix(sudo:auth): conversation failed
+Apr 09 23:59:51 mo1.3z8.pw sudo[4140045]: pam_unix(sudo:auth): auth could not identify password for [rpert]
+Apr 10 00:02:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 00:49:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 01:00:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 01:05:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 01:10:33 mo1.3z8.pw sudo[2570337]: pam_unix(sudo:auth): conversation failed
+Apr 10 01:10:33 mo1.3z8.pw sudo[2570337]: pam_unix(sudo:auth): auth could not identify password for [rpert]
+Apr 10 02:16:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 03:51:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 04:08:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 05:01:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 05:36:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 05:59:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 07:19:31 mo1.3z8.pw sudo[3980992]: pam_unix(sudo:auth): conversation failed
+Apr 10 07:19:31 mo1.3z8.pw sudo[3980992]: pam_unix(sudo:auth): auth could not identify password for [rpert]
+Apr 10 09:52:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 10:21:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 10:56:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 11:07:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 11:42:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 12:11:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 12:16:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 12:57:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 13:08:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 13:13:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 13:36:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 13:41:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 14:34:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 14:39:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 15:14:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 15:31:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+Apr 10 15:36:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
+
+--- kubectl get events --all-namespaces (warnings) ---
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+822M /var/log
+524K /var/log/kern.log.1
+600K /var/log/auth.log.2.gz
+908K /var/log/auth.log.3.gz
+1016K /var/log/btmp
+1.1M /var/log/auth.log.4.gz
+1.5M /var/log/syslog.4.gz
+2.3M /var/log/auth.log
+3.0M /var/log/syslog.2.gz
+4.3M /var/log/auth.log.1
+6.9M /var/log/syslog.3.gz
+18M /var/log/rclone-media.log
+23M /var/log/btmp.1
+39M /var/log/syslog.1
+65M /var/log/syslog
+655M /var/log/journal
+
+--- top 15 largest files under /var/log ---
+ 916304891 /var/log
+ 740593040 /var/log/journal
+ 740588944 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4
+ 128611656 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-0000000000074a21-00064d0e5525584b.journal
+ 109051904 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system.journal
+ 75985176 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-000000000013e463-00064e5f5e0e5175.journal
+ 74216752 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-000000000010fac9-00064e02e1bb1c0d.journal
+ 70106232 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-00000000000db4af-00064d7f051b8ba1.journal
+ 67501427 /var/log/syslog
+ 58720256 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@00064d7ec2d5b400-62e4a0e0b73c867c.journal~
+ 46971424 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-00000000000db4ec-00064d7f051d3e37.journal
+ 45807768 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-000000000013e47d-00064e5f64861672.journal
+ 40099593 /var/log/syslog.1
+ 28811960 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-000000000010fad6-00064e02e39cd4e3.journal
+ 25165824 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@00064d7ec2f1014e-21c53d09549b2cc2.journal~
diff --git a/anomalies/ro1.txt b/anomalies/ro1.txt
new file mode 100644
index 0000000..31d3cfe
--- /dev/null
+++ b/anomalies/ro1.txt
@@ -0,0 +1,65 @@
+=== Anomaly scan: ro1-3z8-pw.novalocal (2026-04-10T21:46:09Z) ===
+
+--- recent log files (mtime < 7d) ---
+/var/log/borg-backup.log errors=5 warns=0 size=13318316
+ > M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ > M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
+ > M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ > M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
+ > M /usr/local/www/i47i.tk/wp-content/plugins/redis-cache/dependencies/predis/predis/src/Command/Redis/FAILOVER.php
+/var/log/freedns-ssl-error.log errors=72 warns=0 size=1343992
+ > [Thu Mar 19 17:06:45.696498 2026] [authz_core:error] [pid 59340] [client 20.151.11.236:41914] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+ > [Sat Mar 21 05:45:17.976155 2026] [authz_core:error] [pid 97472] [client 20.151.11.236:31811] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+ > [Sat Mar 21 06:41:09.566838 2026] [authz_core:error] [pid 69202] [client 172.235.235.248:54732] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+ > [Sun Mar 22 03:00:13.267508 2026] [authz_core:error] [pid 9998] [client 185.177.72.52:18966] AH01630: client denied by server configuration: /usr/local/www/freedns-placeholder/.htaccess
+ > [Sun Mar 22 03:00:13.502429 2026] [authz_core:error] [pid 69202] [client 185.177.72.52:18982] AH01630: client denied by server configuration: /usr/local/www/freedns-placeholder/.htaccess
+/var/log/httpd/i47i.tk-error.log errors=51 warns=0 size=400820
+ > [Thu Mar 19 18:50:37.024880 2026] [authz_core:error] [pid 59307] [client 20.222.18.47:21485] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+ > [Fri Mar 20 11:42:47.077024 2026] [authz_core:error] [pid 69861] [client 23.100.100.188:3532] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+ > [Tue Mar 24 23:57:24.319230 2026] [authz_core:error] [pid 81828] [client 85.203.23.121:52441] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin, referer: http://i47i.tk/cgi-bin/cgi-bin/sql.php
+ > [Wed Mar 25 02:04:05.820795 2026] [authz_core:error] [pid 81829] [client 20.222.18.47:22936] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+ > [Wed Mar 25 18:35:40.714323 2026] [authz_core:error] [pid 32775] [client 20.151.201.236:22849] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
+/var/log/manual-upgrades/upgrade-2026-04-05_0400.log errors=3 warns=0 size=2495
+ > Warning: Failed to create directory '/nonexistent/.wp-cli/cache/': mkdir(): Permission denied.
+ > FAILED: apache24 php_fpm jellyfin flood redis
+ > {"id":"ZAa6Ntdv1W5c","time":1775361630,"expires":1775404830,"event":"message","topic":"rspworks-updates","title":"Manual Upgrade ERRORS — ro1-3z8-pw.novalocal","message":"1 services running\n\nUpdated:\\n• WordPress: 3 plugins\n\nErrors:\\n• Service down: apache24\\n• Service down: php_fpm\\n• Service down: jellyfin\\n• Service down: flood\\n• Service down: redis","priority":4,"tags":["warning","package"]}
+/var/log/messages errors=0 warns=886 size=512303
+/var/log/mount_monitor.log errors=0 warns=1808 size=526613
+/var/log/mount_monitor.log.old errors=7 warns=3614 size=1048798
+ > [2026-03-24 13:05:30] CRITICAL: Mount is hung (ls command timed out)
+ > [2026-03-24 13:06:28] FAILED: Mount still not responding after recovery attempt
+ > [2026-03-24 13:10:30] CRITICAL: Mount is hung (ls command timed out)
+ > [2026-03-24 13:11:28] FAILED: Mount still not responding after recovery attempt
+ > [2026-03-24 13:15:35] CRITICAL: Mount is hung (ls command timed out)
+/var/log/rclone_1fichier.log errors=6 warns=0 size=3527222
+ > 2026/03/24 13:06:28 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp: lookup api.1fichier.com: i/o timeout
+ > 2026/03/24 13:10:30 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp: lookup api.1fichier.com: i/o timeout
+ > 2026/03/24 13:11:28 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp 5.39.224.140:443: i/o timeout
+ > 2026/03/24 13:15:35 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": net/http: TLS handshake timeout
+ > 2026/03/30 06:45:30 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp 5.39.224.140:443: i/o timeout
+/var/log/webmail-ssl-error.log errors=62 warns=0 size=28197
+ > [Fri Jan 09 22:57:32.624107 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/.env
+ > [Fri Jan 09 22:57:45.572560 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/config.php
+ > [Fri Jan 09 22:57:47.072687 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/database.php
+ > [Fri Jan 09 22:57:47.392299 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/mail.php
+ > [Fri Jan 09 22:57:47.693547 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/app.php
+
+--- /var/log disk usage ---
+ 95M /var/log
+960K /var/log/httpd-nextcloud-access.log
+1.1M /var/log/mount_monitor.log.old
+1.3M /var/log/freedns-ssl-error.log
+1.9M /var/log/freedns-access.log
+2.2M /var/log/matomo-access.log
+2.6M /var/log/flood.log
+3.3M /var/log/httpd-access.log
+3.4M /var/log/rclone_1fichier.log
+4.3M /var/log/freedns-ssl-access.log
+5.6M /var/log/httpd-error.log
+6.2M /var/log/redis
+9.3M /var/log/letsencrypt
+9.8M /var/log/httpd
+ 13M /var/log/borg-backup.log
+ 24M /var/log/webmail-ssl-access.log
+
+--- top 15 largest files under /var/log ---
diff --git a/anomalies/sony.txt b/anomalies/sony.txt
new file mode 100644
index 0000000..6e5cad3
--- /dev/null
+++ b/anomalies/sony.txt
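Review bot: anomalies/ro1.txt puts raw log excerpts into git history that carry more operational detail than a findings report needs: web-root and application config paths, the list of services reported down after the 2026-04-05 upgrade, and the complete notification JSON with its topic name and message id. anomalies/mo1.txt similarly records sudo authentication failures together with the account name, and the README's usage line ends in `git push`. Consider committing only the per-file counts plus a redacted sample (for example `[client <redacted>]`, with the notification payload dropped) and keeping the raw excerpts outside version control; it is also worth confirming that the notification topic is protected by access control rather than by its name alone. The AH01630 client addresses are useful investigation leads, but they are better kept in a ticket or blocklist with a retention policy than in a repository.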
@@ -0,0 +1,140 @@ +=== Anomaly scan: sony (2026-04-10T21:50:12Z) === + +--- journalctl -p err --since '24 hours ago' --- +Apr 10 19:24:30 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:30 sony kwin_wayland[1565]: pw.core: 0x5608ecf12a10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:31 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:31 sony kwin_wayland[1565]: pw.core: 0x5608ecf12a10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:35 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:35 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:56 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:24:56 sony kwin_wayland[1565]: pw.core: 0x5608ecdcca70: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:25:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:25:00 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:25:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:25:00 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: 
can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:01 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:01 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:01 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:01 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:21 sony kwin_wayland[1565]: pw.core: 0x5608ecf12a10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:28:21 sony kwin_wayland[1565]: pw.core: 0x5608ecf12a10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:29:23 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:29:23 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:29:24 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:29:24 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:30:29 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': 
Operation not supported +Apr 10 19:31:40 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:31:40 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:31:41 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:31:41 sony kwin_wayland[1565]: pw.core: 0x5608eca68270: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:48 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:48 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:48 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:48 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:48 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:49 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:34:49 sony kwin_wayland[1565]: pw.core: 0x5608eccde2f0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:35:03 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:35:03 sony kwin_wayland[1565]: pw.core: 0x5608eca8c330: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:35:03 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:35:04 sony 
kwin_wayland[1565]: pw.core: 0x5608ec94dd90: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:35:04 sony kwin_wayland[1565]: pw.core: 0x5608eca8e7a0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:38:28 sony kwin_wayland[1565]: pw.core: 0x5608eca8e7a0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:38:28 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:58:55 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 19:58:55 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:03:51 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:03:51 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:03:51 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:10:56 sony kwin_wayland[1565]: pw.core: 0x5608eca8e7a0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:10:56 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:10:56 sony kwin_wayland[1565]: pw.core: 0x5608eca8e7a0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:25 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:25 sony kwin_wayland[1565]: pw.core: 0x5608eca5f490: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:25 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't 
find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:25 sony kwin_wayland[1565]: pw.core: 0x5608eca5f490: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:26 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:26 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:34 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:34 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:34 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:34 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:34 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:34 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:35 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:53 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:53 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:56 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:12:56 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation 
not supported +Apr 10 20:14:37 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:37 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:37 sony kwin_wayland[1565]: pw.core: 0x5608eca89820: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:37 sony kwin_wayland[1565]: pw.core: 0x5608eca98ff0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:37 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608eca89820: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608eca98ff0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608eca89820: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:14:38 sony kwin_wayland[1565]: pw.core: 0x5608eca98ff0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:18:30 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:18:30 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:18:30 sony 
kwin_wayland[1565]: pw.core: 0x5608eca89820: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:18:30 sony kwin_wayland[1565]: pw.core: 0x5608ecedaee0: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:00 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:00 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:00 sony kwin_wayland[1565]: pw.core: 0x5608eca89820: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:00 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:00 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:00 sony kwin_wayland[1565]: pw.core: 0x5608ec42fb10: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:01 sony kwin_wayland[1565]: pw.core: 0x5608eca5f490: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:01 sony kwin_wayland[1565]: pw.core: 0x5608eca89820: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:10 sony kwin_wayland[1565]: pw.core: 0x5608eccbd420: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:10 sony kwin_wayland[1565]: pw.core: 0x5608ec77a790: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:10 sony kwin_wayland[1565]: pw.core: 0x5608ec9faf80: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 20:19:10 sony kwin_wayland[1565]: pw.core: 0x5608eca5f490: can't find protocol 'PipeWire:Protocol:Native': Operation not supported +Apr 10 21:29:28 sony pulseaudio[2074]: listen(): Address already in use + 
+--- recent log files (mtime < 7d) --- + +--- /var/log disk usage --- +975M /var/log +44K /var/log/Xorg.4.log +48K /var/log/Xorg.0.log +48K /var/log/Xorg.2.log.old +52K /var/log/Xorg.2.log +64K /var/log/cups +80K /var/log/dpkg.log +176K /var/log/dpkg.log.1 +328K /var/log/apt +348K /var/log/wtmp +5.2M /var/log/borg +8.0M /var/log/sysstat +16M /var/log/installer +22M /var/log/btmp.1 +43M /var/log/btmp +881M /var/log/journal + +--- top 15 largest files under /var/log --- +1044955349 /var/log + 946458048 /var/log/journal + 946453952 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191 + 88073456 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000a34940-00064d26d0195621.journal + 63504120 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000a69958-00064d5ff691b4bf.journal + 62967088 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000af4d40-00064e327ccda35d.journal + 61736360 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000a8de97-00064d86d8f9bd3e.journal + 61211680 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000ad27b8-00064df90e8ad1b4.journal + 59695360 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000aaf970-00064db69212e347.journal + 52503040 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000b998d6-00064ef8d98ae458.journal + 51122088 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000b19523-00064e6770b00a37.journal + 48994704 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000b6e73c-00064ecb4656be5a.journal + 48922288 
/var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000b310e6-00064e88c632bfd4.journal + 48506288 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000b84345-00064ee40729abfa.journal + 48217128 /var/log/journal/d6ca70e2890c410d83487a70a6f3f191/system@3535f37826724a348121d0df1b9e4792-0000000000b45d3b-00064ea125adf352.journal diff --git a/anomalies/termux.txt b/anomalies/termux.txt new file mode 100644 index 0000000..a021419 --- /dev/null +++ b/anomalies/termux.txt @@ -0,0 +1,7 @@ +=== Anomaly scan: localhost (2026-04-10T21:46:49Z) === + +--- recent log files (mtime < 7d) --- + +--- /var/log disk usage --- + +--- top 15 largest files under /var/log --- diff --git a/logs/inventory/ams.csv b/logs/inventory/ams.csv new file mode 100644 index 0000000..0c49ce2 --- /dev/null +++ b/logs/inventory/ams.csv 
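Review bot: The "top 15 largest files under /var/log" section of anomalies/sony.txt writes the journal directory name `d6ca70e2890c410d83487a70a6f3f191` into every journal path, and on systemd hosts that directory is normally named after the machine ID, which machine-id(5) asks to be kept confidential. The same section also lists the directories `/var/log` and `/var/log/journal`, so it is not a list of files, and the twelve journal segments crowd out everything else. The generating code is in scripts/scan-anomalies.sh, outside this hunk, so this is inferred from the output; it should restrict the listing to regular files and write the journal directory as `/var/log/journal/<machine-id>/…` before the result is committed. Separately, the journalctl section repeats one kwin_wayland message over a hundred times before the single pulseaudio line, so collapsing repeated messages to one line with a count would keep the distinct errors visible.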
@@ -0,0 +1,31 @@ +"/var/log/auth.log",626832,"","auth.log" +"/var/log/auth.log.0.bz2",76694,"","auth.log.0.bz2" +"/var/log/auth.log.1.bz2",78966,"","auth.log.1.bz2" +"/var/log/auth.log.2.bz2",73297,"","auth.log.2.bz2" +"/var/log/auth.log.3.bz2",75151,"","auth.log.3.bz2" +"/var/log/auth.log.4.bz2",76408,"","auth.log.4.bz2" +"/var/log/auth.log.5.bz2",75882,"","auth.log.5.bz2" +"/var/log/auth.log.6.bz2",76375,"","auth.log.6.bz2" +"/var/log/borg-backup.log",6198346,"","borg-backup.log" +"/var/log/daemon.log",2515,"","daemon.log" +"/var/log/daemon.log.0.bz2",266,"","daemon.log.0.bz2" +"/var/log/debug.log",121837,"","debug.log" +"/var/log/debug.log.0.bz2",55238,"","debug.log.0.bz2" +"/var/log/debug.log.1.bz2",58823,"","debug.log.1.bz2" +"/var/log/debug.log.2.bz2",57540,"","debug.log.2.bz2" +"/var/log/debug.log.3.bz2",49217,"","debug.log.3.bz2" +"/var/log/debug.log.4.bz2",48300,"","debug.log.4.bz2" +"/var/log/debug.log.5.bz2",48508,"","debug.log.5.bz2" +"/var/log/debug.log.6.bz2",48756,"","debug.log.6.bz2" +"/var/log/devd.log",58,"","devd.log" +"/var/log/dmesg.today",277,"","dmesg.today" +"/var/log/dmesg.yesterday",140,"","dmesg.yesterday" +"/var/log/mail-archive.log",209,"","mail-archive.log" +"/var/log/messages",350286,"","messages" +"/var/log/ppp.log",58,"","ppp.log" +"/var/log/redis/redis.log",28083,"","redis" +"/var/log/utx.log",2028,"","utx.log" +"/var/log/utx.log.0",17784,"","utx.log.0" +"/var/log/utx.log.1",480176,"","utx.log.1" +"/var/log/utx.log.2",11336,"","utx.log.2" +"/var/log/wg-restart.log",1689,"","wg-restart.log" diff --git a/logs/inventory/ams2.csv b/logs/inventory/ams2.csv new file mode 100644 index 0000000..a7eb18c --- /dev/null +++ b/logs/inventory/ams2.csv 
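Review bot: The third field is empty (`""`) on every row of logs/inventory/ams.csv, and the same holds for all rows of logs/inventory/ams2.csv, while ca1.csv, ca2.csv and ca3.csv carry a modification time there (for example `"2026-04-09 13:57:34"`). The file names (`devd.log`, `utx.log`, `dmesg.today`) suggest FreeBSD hosts, where GNU `stat -c` is unavailable and `stat -f` is the equivalent, so presumably the mtime lookup in scripts/discover-logs.sh fails silently there; that script is outside this hunk, so this is inferred from the output. Without an mtime the inventory cannot distinguish a live `auth.log` from one that stopped being written, which is the case the ca3.csv rows dated 2024 make visible. The script should fall back to the BSD form, and when no lookup works it should write an explicit marker such as `"unknown"` rather than an empty string.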
@@ -0,0 +1,73 @@ +"/var/log/auth.log",663845,"","auth.log" +"/var/log/auth.log.0.bz2",71672,"","auth.log.0.bz2" +"/var/log/auth.log.1.bz2",69293,"","auth.log.1.bz2" +"/var/log/auth.log.2.bz2",65703,"","auth.log.2.bz2" +"/var/log/auth.log.3.bz2",72685,"","auth.log.3.bz2" +"/var/log/auth.log.4.bz2",73035,"","auth.log.4.bz2" +"/var/log/auth.log.5.bz2",70234,"","auth.log.5.bz2" +"/var/log/auth.log.6.bz2",65569,"","auth.log.6.bz2" +"/var/log/borg-backup.log",64409,"","borg-backup.log" +"/var/log/borg/backup-20260223.log",17591,"","borg" +"/var/log/borg/backup-20260224.log",3325,"","borg" +"/var/log/borg/backup-20260225.log",3651,"","borg" +"/var/log/borg/backup-20260226.log",22157,"","borg" +"/var/log/borg/backup-20260227.log",4416,"","borg" +"/var/log/borg/backup-20260228.log",4062,"","borg" +"/var/log/borg/backup-20260301.log",4371,"","borg" +"/var/log/borg/backup-20260302.log",4545,"","borg" +"/var/log/borg/backup-20260303.log",4410,"","borg" +"/var/log/borg/backup-20260304.log",4545,"","borg" +"/var/log/borg/backup-20260305.log",4545,"","borg" +"/var/log/borg/backup-20260306.log",4545,"","borg" +"/var/log/borg/backup-20260307.log",4545,"","borg" +"/var/log/borg/backup-20260308.log",4719,"","borg" +"/var/log/borg/backup-20260309.log",4967,"","borg" +"/var/log/borg/backup-20260310.log",4926,"","borg" +"/var/log/borg/backup-20260311.log",6186,"","borg" +"/var/log/borg/backup-20260312.log",3690,"","borg" +"/var/log/borg/backup-20260313.log",3690,"","borg" +"/var/log/borg/backup-20260314.log",3822,"","borg" +"/var/log/borg/backup-20260315.log",5292,"","borg" +"/var/log/borg/backup-20260316.log",3109,"","borg" +"/var/log/borg/backup-20260317.log",5647,"","borg" +"/var/log/borg/backup-20260318.log",4969,"","borg" +"/var/log/borg/backup-20260319.log",5398,"","borg" +"/var/log/borg/backup-20260320.log",5269,"","borg" +"/var/log/borg/backup-20260321.log",5291,"","borg" +"/var/log/borg/backup-20260322.log",5255,"","borg" +"/var/log/borg/backup-20260323.log",5249,"","borg" 
+"/var/log/borg/backup-20260324.log",5386,"","borg" +"/var/log/borg/backup-20260325.log",5386,"","borg" +"/var/log/borg/backup-20260326.log",5478,"","borg" +"/var/log/borg/backup-20260327.log",11201,"","borg" +"/var/log/borg/backup-20260328.log",5834,"","borg" +"/var/log/borg/backup-20260329.log",5527,"","borg" +"/var/log/borg/backup-20260330.log",3996,"","borg" +"/var/log/borg/backup-20260331.log",3862,"","borg" +"/var/log/borg/backup-20260401.log",3915,"","borg" +"/var/log/borg/backup-20260402.log",3915,"","borg" +"/var/log/borg/backup-20260403.log",7991,"","borg" +"/var/log/borg/backup-20260404.log",5688,"","borg" +"/var/log/borg/cron.log",265522,"","borg" +"/var/log/daemon.log",662414,"","daemon.log" +"/var/log/daemon.log.0.bz2",53998,"","daemon.log.0.bz2" +"/var/log/daemon.log.1.bz2",53935,"","daemon.log.1.bz2" +"/var/log/daemon.log.2.bz2",52538,"","daemon.log.2.bz2" +"/var/log/daemon.log.3.bz2",54597,"","daemon.log.3.bz2" +"/var/log/daemon.log.4.bz2",54054,"","daemon.log.4.bz2" +"/var/log/debug.log",653461,"","debug.log" +"/var/log/debug.log.0.bz2",47990,"","debug.log.0.bz2" +"/var/log/debug.log.1.bz2",48771,"","debug.log.1.bz2" +"/var/log/debug.log.2.bz2",48903,"","debug.log.2.bz2" +"/var/log/debug.log.3.bz2",48640,"","debug.log.3.bz2" +"/var/log/debug.log.4.bz2",49680,"","debug.log.4.bz2" +"/var/log/devd.log",59,"","devd.log" +"/var/log/dmesg.today",0,"","dmesg.today" +"/var/log/dmesg.yesterday",106,"","dmesg.yesterday" +"/var/log/messages",663378,"","messages" +"/var/log/ppp.log",59,"","ppp.log" +"/var/log/utx.log",854,"","utx.log" +"/var/log/utx.log.0",4916,"","utx.log.0" +"/var/log/utx.log.1",20121,"","utx.log.1" +"/var/log/utx.log.2",6270,"","utx.log.2" +"/var/log/wg-restart.log",899,"","wg-restart.log" diff --git a/logs/inventory/ca1.csv b/logs/inventory/ca1.csv new file mode 100644 index 0000000..36257e7 --- /dev/null +++ b/logs/inventory/ca1.csv 
@@ -0,0 +1,92 @@ +"/var/log/alternatives.log",444,"2026-04-09 13:57:34","alternatives.log" +"/var/log/alternatives.log.1",13075,"2026-03-29 09:14:43","alternatives.log.1" +"/var/log/apport.log",0,"2025-12-20 04:08:10","apport.log" +"/var/log/apt/eipp.log.xz",44976,"2026-04-09 20:31:29","apt" +"/var/log/apt/history.log",4233,"2026-04-09 20:31:40","apt" +"/var/log/apt/history.log.1.gz",9089,"2026-03-31 06:47:12","apt" +"/var/log/apt/term.log",23109,"2026-04-09 20:31:40","apt" +"/var/log/apt/term.log.1.gz",26777,"2026-03-31 06:47:12","apt" +"/var/log/auth.log",1597500,"2026-04-10 21:46:08","auth.log" +"/var/log/auth.log.1",3503624,"2026-04-05 00:00:01","auth.log.1" +"/var/log/auth.log.2.gz",406281,"2026-03-29 00:00:01","auth.log.2.gz" +"/var/log/auth.log.3.gz",408056,"2026-03-22 00:00:01","auth.log.3.gz" +"/var/log/borg/backup-20260223.log",17687,"2026-02-23 03:13:53","borg" +"/var/log/borg/backup-20260224.log",4488,"2026-02-24 03:19:34","borg" +"/var/log/borg/backup-20260225.log",5558,"2026-02-25 03:06:02","borg" +"/var/log/borg/backup-20260226.log",5299,"2026-02-26 03:04:17","borg" +"/var/log/borg/backup-20260227.log",4831,"2026-02-27 03:14:48","borg" +"/var/log/borg/backup-20260228.log",3944,"2026-02-28 03:06:34","borg" +"/var/log/borg/backup-20260301.log",4249,"2026-03-01 03:14:17","borg" +"/var/log/borg/backup-20260302.log",4457,"2026-03-02 03:09:35","borg" +"/var/log/borg/backup-20260303.log",4284,"2026-03-03 03:26:37","borg" +"/var/log/borg/backup-20260304.log",4284,"2026-03-04 03:20:06","borg" +"/var/log/borg/backup-20260305.log",5314,"2026-03-05 03:16:48","borg" +"/var/log/borg/backup-20260306.log",142179,"2026-03-06 03:44:37","borg" +"/var/log/borg/backup-20260307.log",161491,"2026-03-07 19:01:42","borg" +"/var/log/borg/backup-20260308.log",4029,"2026-03-08 03:29:01","borg" +"/var/log/borg/backup-20260309.log",3128,"2026-03-09 03:16:46","borg" +"/var/log/borg/backup-20260310.log",3225,"2026-03-10 03:14:59","borg" 
+"/var/log/borg/backup-20260311.log",4354,"2026-03-11 03:16:30","borg" +"/var/log/borg/backup-20260312.log",4417,"2026-03-12 03:14:53","borg" +"/var/log/borg/backup-20260313.log",3735,"2026-03-13 03:12:33","borg" +"/var/log/borg/backup-20260314.log",4997,"2026-03-14 03:14:35","borg" +"/var/log/borg/backup-20260315.log",5159,"2026-03-15 03:01:02","borg" +"/var/log/borg/backup-20260316.log",4477,"2026-03-16 03:13:33","borg" +"/var/log/borg/backup-20260317.log",5176,"2026-03-17 03:04:05","borg" +"/var/log/borg/backup-20260318.log",5607,"2026-03-18 03:31:14","borg" +"/var/log/borg/backup-20260319.log",5814,"2026-03-19 03:04:23","borg" +"/var/log/borg/backup-20260320.log",5538,"2026-03-20 03:17:58","borg" +"/var/log/borg/backup-20260321.log",4998,"2026-03-21 03:24:34","borg" +"/var/log/borg/backup-20260322.log",4328,"2026-03-22 03:09:31","borg" +"/var/log/borg/backup-20260323.log",4344,"2026-03-23 03:04:32","borg" +"/var/log/borg/backup-20260324.log",5678,"2026-03-24 03:16:31","borg" +"/var/log/borg/backup-20260325.log",4255,"2026-03-25 03:04:17","borg" +"/var/log/borg/backup-20260326.log",5367,"2026-03-26 03:35:49","borg" +"/var/log/borg/backup-20260327.log",5237,"2026-03-27 03:25:07","borg" +"/var/log/borg/backup-20260328.log",5843,"2026-03-28 03:07:25","borg" +"/var/log/borg/backup-20260329.log",4255,"2026-03-29 03:01:46","borg" +"/var/log/borg/backup-20260330.log",6246,"2026-03-30 03:00:49","borg" +"/var/log/borg/backup-20260331.log",5719,"2026-03-31 03:28:05","borg" +"/var/log/borg/backup-20260401.log",5650,"2026-04-01 03:03:21","borg" +"/var/log/borg/backup-20260402.log",5392,"2026-04-02 03:27:44","borg" +"/var/log/borg/backup-20260403.log",5679,"2026-04-03 03:16:16","borg" +"/var/log/borg/backup-20260404.log",5921,"2026-04-04 03:05:48","borg" +"/var/log/borg/backup-20260405.log",4686,"2026-04-05 03:18:53","borg" +"/var/log/borg/backup-20260406.log",4598,"2026-04-06 03:25:11","borg" +"/var/log/borg/backup-20260407.log",5538,"2026-04-07 03:21:12","borg" 
+"/var/log/borg/backup-20260408.log",5026,"2026-04-08 03:05:46","borg" +"/var/log/borg/backup-20260409.log",4768,"2026-04-09 03:30:10","borg" +"/var/log/borg-backup.log",2684,"2026-03-07 03:25:01","borg-backup.log" +"/var/log/daemon.log",0,"2026-03-15 16:21:08","daemon.log" +"/var/log/dmesg",47086,"2026-04-02 21:55:41","dmesg" +"/var/log/dmesg.0",48781,"2026-03-17 17:18:56","dmesg.0" +"/var/log/dmesg.1.gz",15093,"2026-02-24 08:59:15","dmesg.1.gz" +"/var/log/dmesg.2.gz",14842,"2026-02-10 21:55:30","dmesg.2.gz" +"/var/log/docker-upgrades/upgrade-2026-02-22_0414.log",242285,"2026-02-22 04:17:38","docker-upgrades" +"/var/log/docker-upgrades/upgrade-2026-03-01_0425.log",316644,"2026-03-01 04:28:46","docker-upgrades" +"/var/log/docker-upgrades/upgrade-2026-03-08_0400.log",36720,"2026-03-08 04:02:14","docker-upgrades" +"/var/log/docker-upgrades/upgrade-2026-03-15_0419.log",43143,"2026-03-15 04:22:04","docker-upgrades" +"/var/log/dpkg.log",31480,"2026-04-09 20:31:40","dpkg.log" +"/var/log/dpkg.log.1",378135,"2026-03-31 06:47:12","dpkg.log.1" +"/var/log/fail2ban.log",275707,"2026-04-10 21:45:08","fail2ban.log" +"/var/log/fail2ban.log.1",120226,"2026-04-04 23:56:38","fail2ban.log.1" +"/var/log/fail2ban.log.2.gz",46502,"2026-03-28 23:41:13","fail2ban.log.2.gz" +"/var/log/fail2ban.log.3.gz",75922,"2026-03-21 23:59:40","fail2ban.log.3.gz" +"/var/log/kern.log",6312924,"2026-04-10 21:45:55","kern.log" +"/var/log/kern.log.1",7697163,"2026-04-04 23:59:51","kern.log.1" +"/var/log/kern.log.2.gz",869113,"2026-03-28 23:59:55","kern.log.2.gz" +"/var/log/kern.log.3.gz",786862,"2026-03-21 23:59:58","kern.log.3.gz" +"/var/log/landscape/sysinfo.log",0,"2024-05-29 10:04:47","landscape" +"/var/log/mail.log",1710695,"2026-04-10 21:39:19","mail.log" +"/var/log/mail.log.1",543852,"2026-04-04 23:36:15","mail.log.1" +"/var/log/mail.log.2.gz",104737,"2026-03-28 23:54:03","mail.log.2.gz" +"/var/log/mail.log.3.gz",166562,"2026-03-22 00:00:00","mail.log.3.gz" +"/var/log/syslog",9053418,"2026-04-10 
21:46:08","syslog" +"/var/log/syslog.2.gz",1414079,"2026-03-29 00:00:01","syslog.2.gz" +"/var/log/syslog.3.gz",1301609,"2026-03-22 00:00:01","syslog.3.gz" +"/var/log/ubuntu-advantage-apt-hook.log",0,"2025-12-20 10:27:04","ubuntu-advantage-apt-hook.log" +"/var/log/ubuntu-advantage.log",0,"2026-01-01 00:00:24","ubuntu-advantage.log" +"/var/log/ufw.log",6312785,"2026-04-10 21:45:55","ufw.log" +"/var/log/ufw.log.1",7643908,"2026-04-04 23:59:51","ufw.log.1" +"/var/log/ufw.log.2.gz",868593,"2026-03-28 23:59:55","ufw.log.2.gz" +"/var/log/ufw.log.3.gz",853018,"2026-03-21 23:59:58","ufw.log.3.gz" diff --git a/logs/inventory/ca2.csv b/logs/inventory/ca2.csv new file mode 100644 index 0000000..e2d738c --- /dev/null +++ b/logs/inventory/ca2.csv 
@@ -0,0 +1,48 @@ +"/var/log/alternatives.log",444,"2026-04-09 13:59:37","alternatives.log" +"/var/log/alternatives.log.1",5445,"2026-03-30 17:54:08","alternatives.log.1" +"/var/log/alternatives.log.2.gz",1954,"2026-02-25 05:43:51","alternatives.log.2.gz" +"/var/log/apt/eipp.log.xz",25188,"2026-04-09 14:04:01","apt" +"/var/log/apt/history.log",1064,"2026-04-09 14:04:02","apt" +"/var/log/apt/history.log.1.gz",4112,"2026-03-30 17:56:06","apt" +"/var/log/apt/history.log.2.gz",6320,"2026-02-25 06:18:18","apt" +"/var/log/apt/term.log",6090,"2026-04-09 14:04:02","apt" +"/var/log/apt/term.log.1.gz",11373,"2026-03-30 17:56:06","apt" +"/var/log/apt/term.log.2.gz",22264,"2026-02-25 06:18:18","apt" +"/var/log/auth.log",1668482,"2026-04-10 21:46:08","auth.log" +"/var/log/auth.log.1",3431218,"2026-04-05 00:00:03","auth.log.1" +"/var/log/auth.log.2.gz",499310,"2026-03-29 00:00:07","auth.log.2.gz" +"/var/log/auth.log.3.gz",861858,"2026-03-21 23:59:31","auth.log.3.gz" +"/var/log/auth.log.4.gz",1616911,"2026-03-15 00:00:28","auth.log.4.gz" +"/var/log/cloud-init-output.log",9494,"2026-02-25 05:52:50","cloud-init-output.log" +"/var/log/cloud-init.log",236203,"2026-02-25 05:52:50","cloud-init.log" +"/var/log/cron.log",19007,"2026-04-10 21:17:01","cron.log" +"/var/log/cron.log.1",22552,"2026-04-04 23:17:01","cron.log.1" +"/var/log/cron.log.2.gz",2630,"2026-03-28 23:17:01","cron.log.2.gz" +"/var/log/cron.log.3.gz",2673,"2026-03-21 23:17:01","cron.log.3.gz" +"/var/log/cron.log.4.gz",2606,"2026-03-14 23:17:01","cron.log.4.gz" +"/var/log/daemon.log",64397,"2026-02-25 05:41:19","daemon.log" +"/var/log/dpkg.log",6312,"2026-04-09 14:04:02","dpkg.log" +"/var/log/dpkg.log.1",159751,"2026-03-30 17:56:06","dpkg.log.1" +"/var/log/dpkg.log.2.gz",27758,"2026-02-25 06:18:18","dpkg.log.2.gz" +"/var/log/fail2ban.log",318706,"2026-04-10 21:39:38","fail2ban.log" +"/var/log/fail2ban.log.1",307564,"2026-04-04 23:58:58","fail2ban.log.1" +"/var/log/fail2ban.log.2.gz",75260,"2026-03-28 
23:59:43","fail2ban.log.2.gz" +"/var/log/fail2ban.log.3.gz",41764,"2026-03-21 23:55:40","fail2ban.log.3.gz" +"/var/log/fontconfig.log",783,"2026-03-30 17:54:07","fontconfig.log" +"/var/log/kern.log",0,"2026-03-29 00:00:18","kern.log" +"/var/log/kern.log.1",36335,"2026-03-27 07:37:32","kern.log.1" +"/var/log/kern.log.2.gz",479537,"2026-03-18 04:08:03","kern.log.2.gz" +"/var/log/kern.log.3.gz",1073701,"2026-03-15 00:00:22","kern.log.3.gz" +"/var/log/kern.log.4.gz",1103769,"2026-03-08 00:00:06","kern.log.4.gz" +"/var/log/messages",46107,"2026-02-25 05:41:10","messages" +"/var/log/syslog",39618,"2026-04-10 21:17:01","syslog" +"/var/log/syslog.2.gz",71372,"2026-03-29 00:00:18","syslog.2.gz" +"/var/log/syslog.3.gz",543639,"2026-03-22 00:00:29","syslog.3.gz" +"/var/log/syslog.4.gz",1140908,"2026-03-15 00:00:42","syslog.4.gz" +"/var/log/ufw.log",0,"2026-03-22 00:00:32","ufw.log" +"/var/log/ufw.log.1",3883463,"2026-03-18 04:08:03","ufw.log.1" +"/var/log/ufw.log.2.gz",1073701,"2026-03-15 00:00:22","ufw.log.2.gz" +"/var/log/ufw.log.3.gz",1103769,"2026-03-08 00:00:06","ufw.log.3.gz" +"/var/log/ufw.log.4.gz",587773,"2026-03-01 00:00:05","ufw.log.4.gz" +"/var/log/user.log",0,"2026-03-01 00:00:14","user.log" +"/var/log/user.log.1",863,"2026-02-25 04:42:04","user.log.1" diff --git a/logs/inventory/ca3.csv b/logs/inventory/ca3.csv new file mode 100644 index 0000000..98cb01a --- /dev/null +++ b/logs/inventory/ca3.csv @@ -0,0 +1,9 @@ +"/var/log/alternatives.log",4186,"2026-03-21 17:01:09","alternatives.log" +"/var/log/apt/eipp.log.xz",12428,"2026-03-31 21:36:43","apt" +"/var/log/apt/history.log",11579,"2026-03-31 21:36:51","apt" +"/var/log/apt/term.log",63092,"2026-03-31 21:36:51","apt" +"/var/log/auth.log",1476,"2024-02-05 18:44:54","auth.log" +"/var/log/daemon.log",28345,"2024-02-05 18:44:55","daemon.log" +"/var/log/dpkg.log",137512,"2026-03-31 21:36:51","dpkg.log" +"/var/log/messages",281,"2024-02-05 18:42:59","messages" +"/var/log/syslog",28775,"2024-02-05 18:44:55","syslog" 
diff --git a/logs/inventory/fr1.csv b/logs/inventory/fr1.csv new file mode 100644 index 0000000..1bcaaee --- /dev/null +++ b/logs/inventory/fr1.csv 
@@ -0,0 +1,106 @@ +"/var/log/alternatives.log",444,"2026-04-09 13:58:06","alternatives.log" +"/var/log/alternatives.log.1",12764,"2026-03-29 09:14:11","alternatives.log.1" +"/var/log/apport.log",0,"2026-02-04 00:00:06","apport.log" +"/var/log/apt/eipp.log.xz",43500,"2026-04-09 21:23:59","apt" +"/var/log/apt/history.log",5998,"2026-04-09 21:41:55","apt" +"/var/log/apt/history.log.1.gz",2817,"2026-03-31 06:57:53","apt" +"/var/log/apt/term.log",30609,"2026-04-09 21:41:55","apt" +"/var/log/apt/term.log.1.gz",7201,"2026-03-31 06:57:53","apt" +"/var/log/auth.log",1975430,"2026-04-10 21:46:09","auth.log" +"/var/log/auth.log.1",3123876,"2026-04-05 00:00:01","auth.log.1" +"/var/log/auth.log.2.gz",331548,"2026-03-28 23:59:49","auth.log.2.gz" +"/var/log/auth.log.3.gz",395408,"2026-03-22 00:00:02","auth.log.3.gz" +"/var/log/bootstrap.log",1,"2020-08-01 05:42:09","bootstrap.log" +"/var/log/borg/backup-20260223.log",23653,"2026-02-23 03:19:55","borg" +"/var/log/borg/backup-20260224.log",3611,"2026-02-24 03:19:25","borg" +"/var/log/borg/backup-20260225.log",5328,"2026-02-25 03:21:37","borg" +"/var/log/borg/backup-20260226.log",4947,"2026-02-26 03:06:52","borg" +"/var/log/borg/backup-20260227.log",7327,"2026-02-27 03:29:47","borg" +"/var/log/borg/backup-20260228.log",4404,"2026-02-28 03:29:47","borg" +"/var/log/borg/backup-20260301.log",4574,"2026-03-01 03:15:46","borg" +"/var/log/borg/backup-20260302.log",7074,"2026-03-02 03:02:08","borg" +"/var/log/borg/backup-20260303.log",4744,"2026-03-03 03:03:52","borg" +"/var/log/borg/backup-20260304.log",4953,"2026-03-04 03:42:21","borg" +"/var/log/borg/backup-20260305.log",6534,"2026-03-05 03:22:34","borg" +"/var/log/borg/backup-20260306.log",6792,"2026-03-06 03:23:15","borg" +"/var/log/borg/backup-20260307.log",4602,"2026-03-07 03:13:48","borg" +"/var/log/borg/backup-20260308.log",3890,"2026-03-08 03:02:24","borg" +"/var/log/borg/backup-20260309.log",3968,"2026-03-09 03:19:55","borg" +"/var/log/borg/backup-20260310.log",3044,"2026-03-10 
03:15:29","borg" +"/var/log/borg/backup-20260311.log",4528,"2026-03-11 03:16:46","borg" +"/var/log/borg/backup-20260312.log",4246,"2026-03-12 03:24:15","borg" +"/var/log/borg/backup-20260313.log",4246,"2026-03-13 03:23:31","borg" +"/var/log/borg/backup-20260314.log",4105,"2026-03-14 03:31:23","borg" +"/var/log/borg/backup-20260315.log",4386,"2026-03-15 03:11:51","borg" +"/var/log/borg/backup-20260316.log",181139,"2026-03-16 13:50:37","borg" +"/var/log/borg/backup-20260317.log",4396,"2026-03-17 03:07:52","borg" +"/var/log/borg/backup-20260318.log",380400,"2026-03-18 03:25:20","borg" +"/var/log/borg/backup-20260319.log",813842,"2026-03-19 03:16:43","borg" +"/var/log/borg/backup-20260320.log",6116,"2026-03-20 03:07:58","borg" +"/var/log/borg/backup-20260321.log",896813,"2026-03-21 03:26:37","borg" +"/var/log/borg/backup-20260322.log",117634,"2026-03-22 03:28:25","borg" +"/var/log/borg/backup-20260323.log",6285,"2026-03-23 03:05:08","borg" +"/var/log/borg/backup-20260324.log",82306,"2026-03-24 03:21:37","borg" +"/var/log/borg/backup-20260325.log",134429,"2026-03-25 03:31:25","borg" +"/var/log/borg/backup-20260326.log",6477,"2026-03-26 03:11:22","borg" +"/var/log/borg/backup-20260327.log",5384,"2026-03-27 03:42:48","borg" +"/var/log/borg/backup-20260328.log",475,"2026-03-28 03:08:01","borg" +"/var/log/borg-backup.log",2445959,"2026-03-23 03:30:25","borg-backup.log" +"/var/log/dist-upgrade/20251231-1927/main.log",894,"2025-12-31 19:27:27","dist-upgrade" +"/var/log/dist-upgrade/apt.log",63330,"2025-12-31 19:33:44","dist-upgrade" +"/var/log/dist-upgrade/apt-term.log",244692,"2025-12-31 19:34:05","dist-upgrade" +"/var/log/dist-upgrade/eipp.log.xz",26500,"2025-12-31 19:33:52","dist-upgrade" +"/var/log/dist-upgrade/history.log",77010,"2025-12-31 19:34:05","dist-upgrade" +"/var/log/dist-upgrade/main.log",42845,"2025-12-31 19:34:08","dist-upgrade" +"/var/log/dist-upgrade/xorg_fixup.log",78,"2025-12-31 19:34:08","dist-upgrade" +"/var/log/dmesg",46202,"2026-04-02 
21:55:43","dmesg" +"/var/log/dmesg.0",44606,"2026-03-30 13:23:27","dmesg.0" +"/var/log/dmesg.1.gz",13808,"2026-03-17 15:35:26","dmesg.1.gz" +"/var/log/dmesg.2.gz",14230,"2026-02-24 08:57:49","dmesg.2.gz" +"/var/log/dmesg.3.gz",14323,"2026-02-10 22:01:38","dmesg.3.gz" +"/var/log/docker-upgrades/upgrade-2026-02-22_0428.log",28151,"2026-02-22 04:29:20","docker-upgrades" +"/var/log/docker-upgrades/upgrade-2026-03-01_0421.log",34035,"2026-03-01 04:22:20","docker-upgrades" +"/var/log/docker-upgrades/upgrade-2026-03-08_0417.log",6737,"2026-03-08 04:18:00","docker-upgrades" +"/var/log/docker-upgrades/upgrade-2026-03-15_0414.log",14263,"2026-03-15 04:14:56","docker-upgrades" +"/var/log/dpkg.log",45855,"2026-04-09 21:41:55","dpkg.log" +"/var/log/dpkg.log.1",122623,"2026-03-31 06:57:53","dpkg.log.1" +"/var/log/fail2ban.log",313271,"2026-04-10 21:39:26","fail2ban.log" +"/var/log/fail2ban.log.1",201136,"2026-04-04 23:54:00","fail2ban.log.1" +"/var/log/fail2ban.log.2.gz",54841,"2026-03-28 23:55:54","fail2ban.log.2.gz" +"/var/log/fail2ban.log.3.gz",87608,"2026-03-21 23:57:37","fail2ban.log.3.gz" +"/var/log/fontconfig.log",3080,"2026-02-26 22:17:31","fontconfig.log" +"/var/log/kern.log",6331059,"2026-04-10 21:46:25","kern.log" +"/var/log/kern.log.1",7672138,"2026-04-05 00:00:01","kern.log.1" +"/var/log/kern.log.2.gz",875287,"2026-03-28 23:59:45","kern.log.2.gz" +"/var/log/kern.log.3.gz",905871,"2026-03-22 00:00:01","kern.log.3.gz" +"/var/log/landscape/sysinfo.log",0,"2020-08-01 05:13:07","landscape" +"/var/log/mail.log",1330690,"2026-04-10 21:45:58","mail.log" +"/var/log/mail.log.1",2344562,"2026-04-04 23:52:06","mail.log.1" +"/var/log/mail.log.2.gz",168986,"2026-03-28 23:57:21","mail.log.2.gz" +"/var/log/mail.log.3.gz",557593,"2026-03-21 23:59:43","mail.log.3.gz" +"/var/log/nginx/access.log",120243,"2026-04-10 21:42:54","nginx" +"/var/log/nginx/access.log.1",150946,"2026-04-09 23:55:29","nginx" +"/var/log/nginx/access.log.2.gz",21286,"2026-04-08 23:54:14","nginx" 
+"/var/log/nginx/access.log.3.gz",42787,"2026-04-07 23:59:56","nginx" +"/var/log/nginx/access.log.4.gz",10982,"2026-04-07 00:00:01","nginx" +"/var/log/nginx/error.log",3822,"2026-04-10 19:27:59","nginx" +"/var/log/nginx/error.log.1",18722,"2026-04-09 23:55:29","nginx" +"/var/log/nginx/error.log.2.gz",3161,"2026-04-08 20:37:10","nginx" +"/var/log/nginx/error.log.3.gz",11513,"2026-04-07 23:59:36","nginx" +"/var/log/nginx/error.log.4.gz",888,"2026-04-06 23:58:49","nginx" +"/var/log/nginx/ttrss_access.log",0,"2026-03-15 00:00:04","nginx" +"/var/log/nginx/ttrss_error.log",0,"2026-03-13 00:00:02","nginx" +"/var/log/php8.1-fpm.log",0,"2026-01-04 00:00:02","php8.1-fpm.log" +"/var/log/php8.3-fpm.log",0,"2026-03-22 00:00:02","php8.3-fpm.log" +"/var/log/php8.3-fpm.log.1",152,"2026-03-16 14:38:51","php8.3-fpm.log.1" +"/var/log/postfix.log",5411070,"2026-02-02 23:37:02","postfix.log" +"/var/log/syslog",39541775,"2026-04-10 21:46:28","syslog" +"/var/log/syslog.2.gz",3947946,"2026-03-29 00:00:00","syslog.2.gz" +"/var/log/syslog.3.gz",3025463,"2026-03-22 00:00:02","syslog.3.gz" +"/var/log/ubuntu-advantage-apt-hook.log",0,"2025-12-31 19:24:17","ubuntu-advantage-apt-hook.log" +"/var/log/ubuntu-advantage.log",0,"2026-02-01 00:00:06","ubuntu-advantage.log" +"/var/log/ufw.log",6323723,"2026-04-10 21:46:25","ufw.log" +"/var/log/ufw.log.1",7563386,"2026-04-05 00:00:01","ufw.log.1" +"/var/log/ufw.log.2.gz",875043,"2026-03-28 23:59:45","ufw.log.2.gz" +"/var/log/ufw.log.3.gz",889229,"2026-03-22 00:00:01","ufw.log.3.gz" +"/var/log/voicemail-transcribe.log",1542001,"2026-04-10 21:45:53","voicemail-transcribe.log" diff --git a/logs/inventory/mo1.csv b/logs/inventory/mo1.csv new file mode 100644 index 0000000..5cba8a6 --- /dev/null +++ b/logs/inventory/mo1.csv 
@@ -0,0 +1,50 @@ +"/var/log/alternatives.log",444,"2026-04-09 13:58:39","alternatives.log" +"/var/log/alternatives.log.1",2106,"2026-03-28 10:28:14","alternatives.log.1" +"/var/log/alternatives.log.2.gz",2179,"2026-02-25 06:52:45","alternatives.log.2.gz" +"/var/log/apt/eipp.log.xz",30208,"2026-04-10 06:54:08","apt" +"/var/log/apt/history.log",2132,"2026-04-10 06:54:10","apt" +"/var/log/apt/history.log.1.gz",3926,"2026-03-31 07:51:09","apt" +"/var/log/apt/history.log.2.gz",9591,"2026-02-27 03:21:53","apt" +"/var/log/apt/term.log",11206,"2026-04-10 06:54:10","apt" +"/var/log/apt/term.log.1.gz",10759,"2026-03-31 07:51:09","apt" +"/var/log/apt/term.log.2.gz",31943,"2026-02-27 03:21:53","apt" +"/var/log/auth.log",2328595,"2026-04-10 21:45:05","auth.log" +"/var/log/auth.log.1",4497091,"2026-04-05 00:00:03","auth.log.1" +"/var/log/auth.log.2.gz",612106,"2026-03-29 00:00:02","auth.log.2.gz" +"/var/log/auth.log.3.gz",927025,"2026-03-22 00:00:01","auth.log.3.gz" +"/var/log/auth.log.4.gz",1074181,"2026-03-15 00:00:10","auth.log.4.gz" +"/var/log/cloud-init-output.log",7155,"2026-02-23 20:09:45","cloud-init-output.log" +"/var/log/cloud-init.log",161364,"2026-02-23 20:09:45","cloud-init.log" +"/var/log/cron.log",230482,"2026-04-10 21:45:01","cron.log" +"/var/log/cron.log.1",262751,"2026-04-05 00:00:02","cron.log.1" +"/var/log/cron.log.2.gz",32027,"2026-03-29 00:00:01","cron.log.2.gz" +"/var/log/cron.log.3.gz",27210,"2026-03-22 00:00:01","cron.log.3.gz" +"/var/log/cron.log.4.gz",2814,"2026-03-14 23:17:01","cron.log.4.gz" +"/var/log/daemon.log",350423,"2026-02-23 19:52:47","daemon.log" +"/var/log/daemon.log.1",302076,"2026-02-22 00:00:12","daemon.log.1" +"/var/log/dpkg.log",14705,"2026-04-10 06:54:10","dpkg.log" +"/var/log/dpkg.log.1",148161,"2026-03-31 07:51:09","dpkg.log.1" +"/var/log/dpkg.log.2.gz",40791,"2026-02-27 03:21:53","dpkg.log.2.gz" +"/var/log/fail2ban.log",227779,"2026-04-10 21:33:00","fail2ban.log" +"/var/log/fail2ban.log.1",273331,"2026-04-04 
23:58:53","fail2ban.log.1" +"/var/log/fail2ban.log.2.gz",70980,"2026-03-28 23:55:57","fail2ban.log.2.gz" +"/var/log/fail2ban.log.3.gz",47472,"2026-03-21 23:59:19","fail2ban.log.3.gz" +"/var/log/fontconfig.log",1901,"2026-04-08 19:09:34","fontconfig.log" +"/var/log/git-bundle-backup.log",10056,"2026-04-10 03:00:24","git-bundle-backup.log" +"/var/log/gitea-borg-backup.log",6500,"2026-04-10 20:00:01","gitea-borg-backup.log" +"/var/log/kern.log",41872,"2026-04-09 20:32:40","kern.log" +"/var/log/kern.log.1",531229,"2026-04-02 22:01:09","kern.log.1" +"/var/log/kern.log.2.gz",29450,"2026-03-28 18:58:21","kern.log.2.gz" +"/var/log/kern.log.3.gz",367869,"2026-03-21 09:04:40","kern.log.3.gz" +"/var/log/kern.log.4.gz",8792,"2026-03-14 23:49:28","kern.log.4.gz" +"/var/log/messages",2277,"2026-02-23 19:52:39","messages" +"/var/log/rclone-media.log",18327234,"2026-04-10 21:45:33","rclone-media.log" +"/var/log/syslog",67501427,"2026-04-10 21:46:09","syslog" +"/var/log/syslog.2.gz",3058561,"2026-03-29 00:00:04","syslog.2.gz" +"/var/log/syslog.3.gz",7227084,"2026-03-22 00:00:04","syslog.3.gz" +"/var/log/syslog.4.gz",1477465,"2026-03-15 00:00:07","syslog.4.gz" +"/var/log/user.log",9179,"2026-04-10 11:40:23","user.log" +"/var/log/user.log.1",17065,"2026-04-04 15:50:54","user.log.1" +"/var/log/user.log.2.gz",1151,"2026-03-28 20:10:30","user.log.2.gz" +"/var/log/user.log.3.gz",668,"2026-03-21 01:31:32","user.log.3.gz" +"/var/log/user.log.4.gz",249,"2026-03-15 23:45:31","user.log.4.gz" diff --git a/logs/inventory/ro1.csv b/logs/inventory/ro1.csv new file mode 100644 index 0000000..752cd7e --- /dev/null +++ b/logs/inventory/ro1.csv 
@@ -0,0 +1,59 @@ +"/var/log/auth.log",249618,"","auth.log" +"/var/log/auth.log.0.bz2",74572,"","auth.log.0.bz2" +"/var/log/auth.log.1.bz2",75580,"","auth.log.1.bz2" +"/var/log/auth.log.2.bz2",72352,"","auth.log.2.bz2" +"/var/log/auth.log.3.bz2",67674,"","auth.log.3.bz2" +"/var/log/auth.log.4.bz2",65672,"","auth.log.4.bz2" +"/var/log/auth.log.5.bz2",73896,"","auth.log.5.bz2" +"/var/log/auth.log.6.bz2",79217,"","auth.log.6.bz2" +"/var/log/borg-backup.log",13318316,"","borg-backup.log" +"/var/log/certbot-renew.log",120570,"","certbot-renew.log" +"/var/log/daemon.log",779089,"","daemon.log" +"/var/log/daemon.log.0.bz2",31246,"","daemon.log.0.bz2" +"/var/log/daemon.log.1.bz2",30848,"","daemon.log.1.bz2" +"/var/log/daemon.log.2.bz2",31503,"","daemon.log.2.bz2" +"/var/log/debug.log",89382,"","debug.log" +"/var/log/devd.log",65,"","devd.log" +"/var/log/dmesg.today",0,"","dmesg.today" +"/var/log/dmesg.yesterday",251,"","dmesg.yesterday" +"/var/log/flood.log",2660480,"","flood.log" +"/var/log/freedns-access.log",1923352,"","freedns-access.log" +"/var/log/freedns-error.log",34093,"","freedns-error.log" +"/var/log/freedns-ssl-access.log",4410711,"","freedns-ssl-access.log" +"/var/log/freedns-ssl-error.log",1343992,"","freedns-ssl-error.log" +"/var/log/httpd-access.log",3382629,"","httpd-access.log" +"/var/log/httpd-error.log",5787754,"","httpd-error.log" +"/var/log/httpd-flood-access.log",1590,"","httpd-flood-access.log" +"/var/log/httpd-flood-error.log",432900,"","httpd-flood-error.log" +"/var/log/httpd-jellyfin-error.log",467100,"","httpd-jellyfin-error.log" +"/var/log/httpd-nextcloud-access.log",932361,"","httpd-nextcloud-access.log" +"/var/log/httpd-nextcloud-error.log",4823,"","httpd-nextcloud-error.log" +"/var/log/httpd-radicale-access.log",544314,"","httpd-radicale-access.log" +"/var/log/httpd-radicale-error.log",176540,"","httpd-radicale-error.log" +"/var/log/httpd/i47i.tk-access.log",9705942,"","httpd" +"/var/log/httpd/i47i.tk-error.log",400820,"","httpd" 
+"/var/log/manual-upgrades/upgrade-2026-03-08_0400.log",5210,"","manual-upgrades" +"/var/log/manual-upgrades/upgrade-2026-03-15_0400.log",4452,"","manual-upgrades" +"/var/log/manual-upgrades/upgrade-2026-03-22_0400.log",3531,"","manual-upgrades" +"/var/log/manual-upgrades/upgrade-2026-03-29_0400.log",2700,"","manual-upgrades" +"/var/log/matomo-access.log",2246346,"","matomo-access.log" +"/var/log/matomo-error.log",205073,"","matomo-error.log" +"/var/log/messages",511888,"","messages" +"/var/log/mount_monitor.log",526613,"","mount_monitor.log" +"/var/log/mount_monitor.log.old",1048798,"","mount_monitor.log.old" +"/var/log/nextcloud/nextcloud.log",31242,"","nextcloud" +"/var/log/php-fpm.log",1536,"","php-fpm.log" +"/var/log/ppp.log",65,"","ppp.log" +"/var/log/radicale.log",0,"","radicale.log" +"/var/log/rclone_1fichier.log",3527081,"","rclone_1fichier.log" +"/var/log/redis/redis.log",6484550,"","redis" +"/var/log/syncthing.log",12201,"","syncthing.log" +"/var/log/utx.log",0,"","utx.log" +"/var/log/utx.log.0",1850,"","utx.log.0" +"/var/log/utx.log.1",32191,"","utx.log.1" +"/var/log/utx.log.2",27162,"","utx.log.2" +"/var/log/webmail-access.log",39659,"","webmail-access.log" +"/var/log/webmail-error.log",0,"","webmail-error.log" +"/var/log/webmail-ssl-access.log",24984682,"","webmail-ssl-access.log" +"/var/log/webmail-ssl-error.log",28197,"","webmail-ssl-error.log" +"/var/log/wg-restart.log",899,"","wg-restart.log" diff --git a/logs/inventory/sony.csv b/logs/inventory/sony.csv new file mode 100644 index 0000000..908d42e --- /dev/null +++ b/logs/inventory/sony.csv 
@@ -0,0 +1,128 @@ +"/var/log/alternatives.log",2449,"2026-04-09 20:38:07","alternatives.log" +"/var/log/alternatives.log.1",17929,"2026-03-26 10:05:25","alternatives.log.1" +"/var/log/alternatives.log.10.gz",1357,"2025-03-24 21:07:35","alternatives.log.10.gz" +"/var/log/alternatives.log.2.gz",1408,"2026-02-23 19:23:50","alternatives.log.2.gz" +"/var/log/alternatives.log.3.gz",543,"2026-01-29 10:31:47","alternatives.log.3.gz" +"/var/log/alternatives.log.4.gz",718,"2026-01-25 13:47:35","alternatives.log.4.gz" +"/var/log/alternatives.log.5.gz",204,"2025-12-20 06:32:33","alternatives.log.5.gz" +"/var/log/alternatives.log.6.gz",764,"2025-10-30 17:05:36","alternatives.log.6.gz" +"/var/log/alternatives.log.7.gz",296,"2025-07-25 10:18:40","alternatives.log.7.gz" +"/var/log/alternatives.log.8.gz",235,"2025-07-09 03:13:46","alternatives.log.8.gz" +"/var/log/alternatives.log.9.gz",1314,"2025-06-11 20:12:25","alternatives.log.9.gz" +"/var/log/apt/eipp.log.xz",116496,"2026-04-09 20:37:21","apt" +"/var/log/apt/history.log",7518,"2026-04-09 20:38:22","apt" +"/var/log/apt/history.log.10.gz",909,"2025-07-09 03:14:58","apt" +"/var/log/apt/history.log.11.gz",3928,"2025-06-11 20:12:45","apt" +"/var/log/apt/history.log.12.gz",4615,"2025-03-24 21:07:37","apt" +"/var/log/apt/history.log.1.gz",2421,"2026-03-30 14:03:10","apt" +"/var/log/apt/history.log.2.gz",6616,"2026-02-26 17:26:47","apt" +"/var/log/apt/history.log.3.gz",3645,"2026-01-29 10:33:58","apt" +"/var/log/apt/history.log.4.gz",993,"2025-12-27 18:10:09","apt" +"/var/log/apt/history.log.5.gz",424,"2025-11-30 01:12:46","apt" +"/var/log/apt/history.log.6.gz",150,"2025-11-01 22:17:42","apt" +"/var/log/apt/history.log.7.gz",3294,"2025-10-30 17:09:46","apt" +"/var/log/apt/history.log.8.gz",149,"2025-08-20 22:33:24","apt" +"/var/log/apt/history.log.9.gz",1870,"2025-07-25 13:16:41","apt" +"/var/log/apt/term.log",28371,"2026-04-09 20:38:22","apt" +"/var/log/apt/term.log.10.gz",2687,"2025-07-09 03:14:58","apt" 
+"/var/log/apt/term.log.11.gz",12721,"2025-06-11 20:12:45","apt" +"/var/log/apt/term.log.12.gz",13174,"2025-03-24 21:07:37","apt" +"/var/log/apt/term.log.1.gz",8937,"2026-03-30 14:03:10","apt" +"/var/log/apt/term.log.2.gz",19428,"2026-02-26 17:26:47","apt" +"/var/log/apt/term.log.3.gz",10479,"2026-01-29 10:33:58","apt" +"/var/log/apt/term.log.4.gz",2862,"2025-12-27 18:10:09","apt" +"/var/log/apt/term.log.5.gz",1163,"2025-11-30 01:12:46","apt" +"/var/log/apt/term.log.6.gz",257,"2025-11-01 22:17:42","apt" +"/var/log/apt/term.log.7.gz",9236,"2025-10-30 17:09:46","apt" +"/var/log/apt/term.log.8.gz",257,"2025-08-20 22:33:24","apt" +"/var/log/apt/term.log.9.gz",5013,"2025-07-25 13:16:41","apt" +"/var/log/boot.log",0,"2026-04-10 00:00:03","boot.log" +"/var/log/boot.log.1",11125,"2026-04-10 00:00:03","boot.log.1" +"/var/log/boot.log.2",10201,"2026-04-09 00:00:00","boot.log.2" +"/var/log/boot.log.3",11388,"2026-04-03 00:00:03","boot.log.3" +"/var/log/boot.log.4",10395,"2026-03-29 00:00:05","boot.log.4" +"/var/log/boot.log.5",32086,"2026-03-21 00:00:02","boot.log.5" +"/var/log/boot.log.6",24228,"2026-03-17 00:00:01","boot.log.6" +"/var/log/boot.log.7",10207,"2026-02-26 00:00:30","boot.log.7" +"/var/log/bootstrap.log",0,"2024-06-29 09:06:14","bootstrap.log" +"/var/log/borg/backup-20260223.log",40782,"2026-02-23 05:16:20","borg" +"/var/log/borg/backup-20260224.log",115678,"2026-02-24 05:31:12","borg" +"/var/log/borg/backup-20260225.log",29784,"2026-02-25 05:14:25","borg" +"/var/log/borg/backup-20260226.log",44607,"2026-02-26 05:19:10","borg" +"/var/log/borg/backup-20260227.log",29605,"2026-02-27 04:32:52","borg" +"/var/log/borg/backup-20260228.log",18122,"2026-02-28 04:34:31","borg" +"/var/log/borg/backup-20260301.log",16405,"2026-03-01 04:30:26","borg" +"/var/log/borg/backup-20260302.log",506199,"2026-03-02 04:28:47","borg" +"/var/log/borg/backup-20260303.log",17102,"2026-03-03 04:22:27","borg" +"/var/log/borg/backup-20260304.log",24795,"2026-03-04 09:27:33","borg" 
+"/var/log/borg/backup-20260305.log",103798,"2026-03-05 04:11:19","borg" +"/var/log/borg/backup-20260306.log",31212,"2026-03-06 05:55:09","borg" +"/var/log/borg/backup-20260307.log",18997,"2026-03-07 04:56:29","borg" +"/var/log/borg/backup-20260308.log",32345,"2026-03-08 05:16:59","borg" +"/var/log/borg/backup-20260309.log",32377,"2026-03-09 05:04:11","borg" +"/var/log/borg/backup-20260310.log",27966,"2026-03-10 03:36:29","borg" +"/var/log/borg/backup-20260311.log",34867,"2026-03-11 05:07:15","borg" +"/var/log/borg/backup-20260312.log",32992,"2026-03-12 05:06:03","borg" +"/var/log/borg/backup-20260313.log",32120,"2026-03-13 05:11:52","borg" +"/var/log/borg/backup-20260314.log",28482,"2026-03-14 05:34:42","borg" +"/var/log/borg/backup-20260315.log",22224,"2026-03-15 05:01:23","borg" +"/var/log/borg/backup-20260316.log",59002,"2026-03-16 19:56:45","borg" +"/var/log/borg/backup-20260317.log",10543,"2026-03-17 07:49:52","borg" +"/var/log/borg/backup-20260318.log",42329,"2026-03-18 09:55:36","borg" +"/var/log/borg/backup-20260319.log",101153,"2026-03-19 08:20:48","borg" +"/var/log/borg/backup-20260320.log",208677,"2026-03-21 02:47:45","borg" +"/var/log/borg/backup-20260321.log",48232,"2026-03-21 08:08:22","borg" +"/var/log/borg/backup-20260322.log",34255,"2026-03-22 10:12:52","borg" +"/var/log/borg/backup-20260323.log",38361,"2026-03-23 09:49:15","borg" +"/var/log/borg/backup-20260324.log",54437,"2026-03-24 09:48:15","borg" +"/var/log/borg/backup-20260325.log",62273,"2026-03-25 10:07:14","borg" +"/var/log/borg/backup-20260326.log",33231,"2026-03-26 10:06:00","borg" +"/var/log/borg/backup-20260327.log",154608,"2026-03-27 09:52:57","borg" +"/var/log/borg/backup-20260328.log",50470,"2026-03-28 10:07:10","borg" +"/var/log/borg/backup-20260329.log",56738,"2026-03-29 10:32:05","borg" +"/var/log/borg/backup-20260330.log",45008,"2026-03-30 10:06:14","borg" +"/var/log/borg/backup-20260331.log",36407,"2026-03-31 09:37:37","borg" 
+"/var/log/borg/backup-20260401.log",32398,"2026-04-01 08:11:15","borg" +"/var/log/borg/backup-20260402.log",24698,"2026-04-02 09:42:40","borg" +"/var/log/borg/backup-20260403.log",133322,"2026-04-03 09:36:04","borg" +"/var/log/borg/backup-20260404.log",34287,"2026-04-04 09:31:18","borg" +"/var/log/borg/backup-20260405.log",37409,"2026-04-05 09:43:16","borg" +"/var/log/borg/backup-20260406.log",33626,"2026-04-06 10:47:06","borg" +"/var/log/borg/backup-20260407.log",37806,"2026-04-07 09:25:40","borg" +"/var/log/borg/backup-20260408.log",44762,"2026-04-08 09:24:09","borg" +"/var/log/borg/backup-20260409.log",75408,"2026-04-09 10:31:44","borg" +"/var/log/borg/cron.log",2251707,"2026-04-10 05:22:52","borg" +"/var/log/cups/access_log.2.gz",368,"2026-04-09 00:00:01","cups" +"/var/log/cups/access_log.3.gz",337,"2026-04-08 00:00:02","cups" +"/var/log/cups/access_log.4.gz",339,"2026-04-07 00:00:02","cups" +"/var/log/cups/access_log.5.gz",321,"2026-04-06 00:00:01","cups" +"/var/log/cups/access_log.6.gz",344,"2026-04-05 00:00:03","cups" +"/var/log/cups/access_log.7.gz",317,"2026-04-04 00:00:02","cups" +"/var/log/cups/error_log.2.gz",109,"2026-02-25 05:50:28","cups" +"/var/log/cups/error_log.3.gz",120,"2026-02-03 14:12:49","cups" +"/var/log/cups/error_log.4.gz",109,"2026-01-24 05:00:27","cups" +"/var/log/cups/error_log.5.gz",107,"2026-01-16 05:00:00","cups" +"/var/log/cups/error_log.6.gz",109,"2025-12-28 05:00:45","cups" +"/var/log/cups/error_log.7.gz",109,"2025-12-16 05:00:52","cups" +"/var/log/dpkg.log",79170,"2026-04-09 20:38:22","dpkg.log" +"/var/log/dpkg.log.1",172056,"2026-03-30 14:03:09","dpkg.log.1" +"/var/log/dpkg.log.10.gz",4772,"2025-07-09 03:14:58","dpkg.log.10.gz" +"/var/log/dpkg.log.11.gz",21063,"2025-06-11 20:12:45","dpkg.log.11.gz" +"/var/log/dpkg.log.12.gz",23025,"2025-03-24 21:07:37","dpkg.log.12.gz" +"/var/log/dpkg.log.2.gz",27009,"2026-02-26 17:26:47","dpkg.log.2.gz" +"/var/log/dpkg.log.3.gz",19151,"2026-01-29 10:33:58","dpkg.log.3.gz" 
+"/var/log/dpkg.log.4.gz",4865,"2025-12-27 18:10:09","dpkg.log.4.gz" +"/var/log/dpkg.log.5.gz",1013,"2025-11-30 01:12:46","dpkg.log.5.gz" +"/var/log/dpkg.log.6.gz",186,"2025-11-01 22:17:42","dpkg.log.6.gz" +"/var/log/dpkg.log.7.gz",18860,"2025-10-30 17:09:46","dpkg.log.7.gz" +"/var/log/dpkg.log.8.gz",185,"2025-08-20 22:33:24","dpkg.log.8.gz" +"/var/log/dpkg.log.9.gz",7748,"2025-07-25 13:16:41","dpkg.log.9.gz" +"/var/log/fontconfig.log",16615,"2026-02-14 01:51:38","fontconfig.log" +"/var/log/installer/syslog",198578,"2025-03-23 03:21:46","installer" +"/var/log/installer/Xorg.0.log",44876,"2025-03-23 03:21:46","installer" +"/var/log/sddm.log",0,"2024-06-29 09:06:14","sddm.log" +"/var/log/Xorg.0.log",47522,"2026-04-10 21:29:28","Xorg.0.log" +"/var/log/Xorg.0.log.old",42628,"2026-04-09 12:29:54","Xorg.0.log.old" +"/var/log/Xorg.2.log",51228,"2025-03-29 01:58:02","Xorg.2.log" +"/var/log/Xorg.2.log.old",45357,"2025-03-23 20:36:17","Xorg.2.log.old" +"/var/log/Xorg.4.log",43321,"2025-03-23 20:36:16","Xorg.4.log" diff --git a/logs/inventory/termux.csv b/logs/inventory/termux.csv new file mode 100644 index 0000000..1b17ade --- /dev/null +++ b/logs/inventory/termux.csv 
@@ -0,0 +1,29 @@ +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/alternatives.log",74663,"2026-01-25 15:05:11","alternatives.log" +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/apt/eipp.log.xz",33020,"2026-01-25 15:04:25","apt" +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/apt/history.log",138276,"2026-01-25 15:05:20","apt" +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/apt/term.log",1279412,"2026-01-25 15:05:20","apt" +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/bootstrap.log",75657,"2022-11-13 07:36:10","bootstrap.log" +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/dpkg.log",1369807,"2026-01-25 15:05:20","dpkg.log" +"/data/data/com.termux/files/home/.local/var/debian/debian-fs/var/log/fontconfig.log",13461,"2024-02-21 10:33:37","fontconfig.log" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/anaconda.log",101454,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/dbus.log",3476,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/dnf.librepo.log",31090,"2024-07-26 16:48:50","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/hawkey.log",120,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/journal.log",746062,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/lorax-packages.log",25989,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/packaging.log",28677,"2024-07-26 16:48:50","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/program.log",8933,"2024-07-26 16:48:49","anaconda" 
+"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/storage.log",66950,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/anaconda/syslog",505487,"2024-07-26 16:48:49","anaconda" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/dnf.librepo.log",186446,"2026-01-25 15:05:58","dnf.librepo.log" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/dnf.log",496468,"2026-01-25 15:06:00","dnf.log" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/dnf.rpm.log",71157,"2026-01-25 15:05:50","dnf.rpm.log" +"/data/data/com.termux/files/home/.local/var/fedora/fedora-fs/var/log/hawkey.log",5940,"2026-01-25 15:05:50","hawkey.log" +"/data/data/com.termux/files/usr/var/log/alternatives.log",68273,"2026-04-02 20:59:54","alternatives.log" +"/data/data/com.termux/files/usr/var/log/apt/eipp.log.xz",9992,"2026-04-02 20:59:34","apt" +"/data/data/com.termux/files/usr/var/log/apt/history.log",191850,"2026-04-02 20:59:59","apt" +"/data/data/com.termux/files/usr/var/log/apt/term.log",1360953,"2026-04-02 20:59:59","apt" +"/data/data/com.termux/files/usr/var/log/borg/borg.log",37989099,"2024-06-30 23:05:56","borg" +"/data/data/com.termux/files/usr/var/log/mbsync/mbsync.log",704,"2025-02-13 02:14:43","mbsync" +"/data/data/com.termux/files/usr/var/log/notmuch/notmuch.log",3098180,"2025-02-13 02:14:42","notmuch" +"/data/data/com.termux/files/usr/var/log/rclone/rclone.log",125022,"2024-06-30 23:17:54","rclone" diff --git a/reports/SUMMARY.md b/reports/SUMMARY.md new file mode 100644 index 0000000..a504b93 --- /dev/null +++ b/reports/SUMMARY.md 
@@ -0,0 +1,87 @@ +# Cross-Server Log Inspection — Summary + +_Generated: 2026-04-10T21:49:07+00:00_ + +## Coverage + +| Host | Inventory entries | Status | Top log dirs | +|------|-------------------:|--------|--------------| +| ams | 31 | ok | /var/log/borg-backup.log (5.9M), /var/log/auth.log (612.1K), /var/log/utx.log.1 (468.9K) | +| ams2 | 73 | ok | /var/log/auth.log (648.3K), /var/log/messages (647.8K), /var/log/daemon.log (646.9K) | +| ca1 | 92 | ok | /var/log/syslog (8.6M), /var/log/kern.log.1 (7.3M), /var/log/ufw.log.1 (7.3M) | +| ca2 | 48 | ok | /var/log/ufw.log.1 (3.7M), /var/log/auth.log.1 (3.3M), /var/log/auth.log (1.6M) | +| ca3 | 9 | ok | /var/log/dpkg.log (134.3K), /var/log/apt (85.1K), /var/log/syslog (28.1K) | +| fr1 | 106 | ok | /var/log/syslog (37.7M), /var/log/kern.log.1 (7.3M), /var/log/ufw.log.1 (7.2M) | +| mo1 | 50 | ok | /var/log/syslog (64.4M), /var/log/rclone-media.log (17.5M), /var/log/syslog.3.gz (6.9M) | +| ro1 | 59 | ok | /var/log/webmail-ssl-access.log (23.8M), /var/log/borg-backup.log (12.7M), /var/log/httpd (9.6M) | +| sony | 128 | ok | /var/log/borg (4.8M), /var/log/apt (261.3K), /var/log/installer (237.7K) | +| termux | 29 | ok | /data/data/com.termux (45.9M) | + +## Top 25 largest log files (cluster-wide) + +| Host | Path | Size | Mtime | Service | +|------|------|-----:|-------|---------| +| mo1 | `/var/log/syslog` | 64.4M | 2026-04-10 21:46:09 | syslog | +| fr1 | `/var/log/syslog` | 37.7M | 2026-04-10 21:46:28 | syslog | +| termux | `/data/data/com.termux/files/usr/var/log/borg/borg.log` | 36.2M | 2024-06-30 23:05:56 | borg | +| ro1 | `/var/log/webmail-ssl-access.log` | 23.8M | | webmail-ssl-access.log | +| mo1 | `/var/log/rclone-media.log` | 17.5M | 2026-04-10 21:45:33 | rclone-media.log | +| ro1 | `/var/log/borg-backup.log` | 12.7M | | borg-backup.log | +| ro1 | `/var/log/httpd/i47i.tk-access.log` | 9.3M | | httpd | +| ca1 | `/var/log/syslog` | 8.6M | 2026-04-10 21:46:08 | syslog | +| ca1 | `/var/log/kern.log.1` | 7.3M | 
2026-04-04 23:59:51 | kern.log.1 | +| fr1 | `/var/log/kern.log.1` | 7.3M | 2026-04-05 00:00:01 | kern.log.1 | +| ca1 | `/var/log/ufw.log.1` | 7.3M | 2026-04-04 23:59:51 | ufw.log.1 | +| fr1 | `/var/log/ufw.log.1` | 7.2M | 2026-04-05 00:00:01 | ufw.log.1 | +| mo1 | `/var/log/syslog.3.gz` | 6.9M | 2026-03-22 00:00:04 | syslog.3.gz | +| ro1 | `/var/log/redis/redis.log` | 6.2M | | redis | +| fr1 | `/var/log/kern.log` | 6.0M | 2026-04-10 21:46:25 | kern.log | +| fr1 | `/var/log/ufw.log` | 6.0M | 2026-04-10 21:46:25 | ufw.log | +| ca1 | `/var/log/kern.log` | 6.0M | 2026-04-10 21:45:55 | kern.log | +| ca1 | `/var/log/ufw.log` | 6.0M | 2026-04-10 21:45:55 | ufw.log | +| ams | `/var/log/borg-backup.log` | 5.9M | | borg-backup.log | +| ro1 | `/var/log/httpd-error.log` | 5.5M | | httpd-error.log | +| fr1 | `/var/log/postfix.log` | 5.2M | 2026-02-02 23:37:02 | postfix.log | +| mo1 | `/var/log/auth.log.1` | 4.3M | 2026-04-05 00:00:03 | auth.log.1 | +| ro1 | `/var/log/freedns-ssl-access.log` | 4.2M | | freedns-ssl-access.log | +| fr1 | `/var/log/syslog.2.gz` | 3.8M | 2026-03-29 00:00:00 | syslog.2.gz | +| ca2 | `/var/log/ufw.log.1` | 3.7M | 2026-03-18 04:08:03 | ufw.log.1 | + +## Anomalies — files with errors or excessive warnings + +| Host | Severity | Errors | Warns | Size | Path | +|------|----------|-------:|------:|-----:|------| +| ro1 | **HIGH** | 72 | 0 | 1.3M | `/var/log/freedns-ssl-error.log` | +| ro1 | **HIGH** | 62 | 0 | 27.5K | `/var/log/webmail-ssl-error.log` | +| ro1 | **HIGH** | 51 | 0 | 391.4K | `/var/log/httpd/i47i.tk-error.log` | +| ro1 | **HIGH** | 7 | 3614 | 1.0M | `/var/log/mount_monitor.log.old` | +| ro1 | **HIGH** | 0 | 1808 | 514.3K | `/var/log/mount_monitor.log` | +| ams | **MED** | 21 | 0 | 5.9M | `/var/log/borg-backup.log` | +| ro1 | **MED** | 0 | 886 | 500.3K | `/var/log/messages` | +| ro1 | **LOW** | 6 | 0 | 3.4M | `/var/log/rclone_1fichier.log` | +| ro1 | **LOW** | 5 | 0 | 12.7M | `/var/log/borg-backup.log` | +| ro1 | **LOW** | 3 | 0 | 2.4K | 
`/var/log/manual-upgrades/upgrade-2026-04-05_0400.log` | +| ams | **LOW** | 1 | 0 | 53.9K | `/var/log/debug.log.0.bz2` | +| ams2 | **LOW** | 1 | 0 | 259.3K | `/var/log/borg/cron.log` | + +## systemd journal error volume (24h) + +| Host | journalctl -p err lines | +|------|------------------------:| +| ams | 0 | +| ams2 | 0 | +| ca1 | 1 | +| ca2 | 1 | +| ca3 | 2 | +| fr1 | 1 | +| mo1 | 37 | +| ro1 | 0 | +| sony | 100 | +| termux | 0 | + +## Recommendations + +- **Investigate 5 HIGH-severity log file(s) immediately** — see table above. These have either ≥50 error lines or ≥1000 warning lines in the last 7 days. +- **Sparse inventories on ca3, termux** — these likely require sudo to enumerate /var/log fully. Re-run discovery as root for a complete picture (the runner can be extended to use `sudo -n` on Linux hosts as it already does on FreeBSD). +- Re-run `./scripts/run-all.sh` on a schedule (cron / systemd timer) and commit the diff to track regressions over time. +- Consider centralising logs (Loki / Vector → VictoriaLogs on mo1) so this scan becomes a single query rather than 10 SSH fan-outs. diff --git a/scripts/build-summary.py b/scripts/build-summary.py new file mode 100644 index 0000000..f5b8036 --- /dev/null +++ b/scripts/build-summary.py 
@@ -0,0 +1,174 @@ +#!/usr/bin/env python3 +"""Aggregate per-host CSV inventories + anomaly text into reports/SUMMARY.md.""" +from __future__ import annotations +import csv, glob, os, re, sys +from pathlib import Path +from datetime import datetime, timezone + +ROOT = Path(__file__).resolve().parent.parent +INV_DIR = ROOT / "logs" / "inventory" +ANOM_DIR = ROOT / "anomalies" +OUT = ROOT / "reports" / "SUMMARY.md" + +def human(n: int) -> str: + for unit in ("B","K","M","G","T"): + if n < 1024: + return f"{n:.0f}{unit}" if unit == "B" else f"{n:.1f}{unit}" + n /= 1024 + return f"{n:.1f}P" + +def load_inventory(host: str, csvpath: Path): + rows = [] + if not csvpath.exists() or csvpath.stat().st_size == 0: + return rows + with csvpath.open(newline="", errors="replace") as f: + for r in csv.reader(f): + if len(r) < 4: continue + try: + rows.append((r[0], int(r[1]), r[2], r[3])) + except ValueError: + continue + return rows + +ANOM_RE = re.compile(r"^(\S+)\s+errors=(\d+)\s+warns=(\d+)\s+size=(\d+)") + +def parse_anomaly(host: str, txt: Path): + """Return list of (path, errors, warns, size) and journal error count.""" + findings = [] + journal_err = 0 + if not txt.exists(): + return findings, journal_err, "missing" + body = txt.read_text(errors="replace") + if not body.strip(): + return findings, journal_err, "empty (host unreachable?)" + for line in body.splitlines(): + m = ANOM_RE.match(line) + if m: + findings.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4)))) + # crude journal error tally + in_journal = False + for line in body.splitlines(): + if line.startswith("--- journalctl"): + in_journal = True; continue + if line.startswith("---") and in_journal: + break + if in_journal and line.strip(): + journal_err += 1 + return findings, journal_err, "ok" + +def severity(errors: int, warns: int) -> str: + if errors >= 50 or warns >= 1000: return "HIGH" + if errors >= 10 or warns >= 200: return "MED" + if errors > 0 or warns > 50: return "LOW" + return 
"-" + +def main(): + hosts = sorted({p.stem for p in INV_DIR.glob("*.csv")} | + {p.stem for p in ANOM_DIR.glob("*.txt")}) + out = [] + out.append("# Cross-Server Log Inspection — Summary") + out.append("") + out.append(f"_Generated: {datetime.now(timezone.utc).isoformat(timespec='seconds')}_") + out.append("") + out.append("## Coverage") + out.append("") + out.append("| Host | Inventory entries | Status | Top log dirs |") + out.append("|------|-------------------:|--------|--------------|") + per_host_findings = {} + per_host_inv = {} + for h in hosts: + inv = load_inventory(h, INV_DIR / f"{h}.csv") + per_host_inv[h] = inv + findings, jerr, status = parse_anomaly(h, ANOM_DIR / f"{h}.txt") + per_host_findings[h] = (findings, jerr, status) + # top dirs by total size + dirs = {} + for path, sz, _, _ in inv: + d = "/".join(path.split("/")[:4]) + dirs[d] = dirs.get(d, 0) + sz + topdirs = ", ".join(f"{d} ({human(s)})" for d, s in sorted(dirs.items(), key=lambda x:-x[1])[:3]) + out.append(f"| {h} | {len(inv)} | {status} | {topdirs or '-'} |") + out.append("") + + # Largest individual log files across all hosts + out.append("## Top 25 largest log files (cluster-wide)") + out.append("") + out.append("| Host | Path | Size | Mtime | Service |") + out.append("|------|------|-----:|-------|---------|") + flat = [] + for h, rows in per_host_inv.items(): + for path, sz, mt, svc in rows: + flat.append((h, path, sz, mt, svc)) + flat.sort(key=lambda x: -x[2]) + for h, p, sz, mt, svc in flat[:25]: + out.append(f"| {h} | `{p}` | {human(sz)} | {mt} | {svc} |") + out.append("") + + # Anomaly findings table + out.append("## Anomalies — files with errors or excessive warnings") + out.append("") + out.append("| Host | Severity | Errors | Warns | Size | Path |") + out.append("|------|----------|-------:|------:|-----:|------|") + rows_sev = [] + for h, (findings, _, _) in per_host_findings.items(): + for path, e, w, sz in findings: + rows_sev.append((severity(e,w), h, e, w, sz, path)) + 
sev_rank = {"HIGH":0, "MED":1, "LOW":2, "-":3} + rows_sev.sort(key=lambda r: (sev_rank[r[0]], -r[2], -r[3])) + for sev, h, e, w, sz, p in rows_sev: + out.append(f"| {h} | **{sev}** | {e} | {w} | {human(sz)} | `{p}` |") + if not rows_sev: + out.append("| - | - | - | - | - | _no error patterns detected in 7-day window_ |") + out.append("") + + # journal error summary + out.append("## systemd journal error volume (24h)") + out.append("") + out.append("| Host | journalctl -p err lines |") + out.append("|------|------------------------:|") + for h, (_, jerr, _) in per_host_findings.items(): + out.append(f"| {h} | {jerr} |") + out.append("") + + # Recommendations + out.append("## Recommendations") + out.append("") + recs = [] + # 1. Severity-based + high = [r for r in rows_sev if r[0] == "HIGH"] + if high: + recs.append(f"- **Investigate {len(high)} HIGH-severity log file(s) immediately** — see table above. " + "These have either ≥50 error lines or ≥1000 warning lines in the last 7 days.") + # 2. Big files + bigfiles = [r for r in flat if r[2] > 100*1024*1024] + if bigfiles: + recs.append(f"- **{len(bigfiles)} log file(s) exceed 100 MB** — consider tightening logrotate " + "(e.g. `/etc/logrotate.d/`) and/or using zstd compression. Largest: " + f"`{bigfiles[0][1]}` on {bigfiles[0][0]} at {human(bigfiles[0][2])}.") + # 3. Hosts with no inventory (likely unprivileged) + empty = [h for h, inv in per_host_inv.items() if len(inv) < 30] + if empty: + recs.append(f"- **Sparse inventories on {', '.join(empty)}** — these likely require sudo to enumerate " + "/var/log fully. Re-run discovery as root for a complete picture (the runner can be " + "extended to use `sudo -n` on Linux hosts as it already does on FreeBSD).") + # 4. journal noise + noisy = sorted(((h, j) for h, (_, j, _) in per_host_findings.items() if j > 100), + key=lambda x:-x[1]) + if noisy: + h, j = noisy[0] + recs.append(f"- **journald noisiest on {h}** ({j} error lines/24h). 
Top drivers worth triaging: " + "check `journalctl -p err -b` for repeating units (mbsync, sudo PAM failures, etc.).") + # 5. Generic + recs.append("- Re-run `./scripts/run-all.sh` on a schedule (cron / systemd timer) and commit the diff " + "to track regressions over time.") + recs.append("- Consider centralising logs (Loki / Vector → VictoriaLogs on mo1) so this scan becomes " + "a single query rather than 10 SSH fan-outs.") + out.extend(recs) + out.append("") + + OUT.parent.mkdir(parents=True, exist_ok=True) + OUT.write_text("\n".join(out)) + print(f"wrote {OUT} ({len(out)} lines)") + +if __name__ == "__main__": + main() diff --git a/scripts/discover-logs.sh b/scripts/discover-logs.sh new file mode 100755 index 0000000..7e13cff --- /dev/null +++ b/scripts/discover-logs.sh 
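Review bot: The journal tally in `parse_anomaly` can never exceed 100, so the `if j > 100` filter in the recommendations block is unreachable and the "journal error volume" table under-reports busy hosts. scan-anomalies.sh pipes `journalctl -p err` through `tail -100`, and the committed SUMMARY.md already shows sony at exactly 100 with no "journald noisiest" recommendation. Either treat the cap as a floor here (`if j >= 100`, rendering the cell as `≥100`) or have the scanner print the real line count before truncating. The tally loop also stops at the first line starting with `---`, so a journal message that begins with those characters would end the count early; a distinct end-of-section marker would be safer.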
@@ -0,0 +1,51 @@ +#!/bin/sh +# discover-logs.sh — portable log inventory. +# Outputs CSV: path,size_bytes,mtime_iso,service +# Works on Linux (Debian/Ubuntu), FreeBSD, and Termux. + +set -u +HOST=$(hostname 2>/dev/null || uname -n) + +# 1. Build candidate file list using fast tools when available. +LIST=$(mktemp 2>/dev/null || echo /tmp/discover.$$) +trap 'rm -f "$LIST"' EXIT + +if command -v plocate >/dev/null 2>&1; then + plocate /var/log 2>/dev/null > "$LIST" +elif command -v locate >/dev/null 2>&1; then + locate /var/log 2>/dev/null > "$LIST" +else + # No locate db: walk /var/log with du (faster than find for our purposes). + if [ -d /var/log ]; then + du -ab /var/log 2>/dev/null | awk '{ $1=""; sub(/^ /,""); print }' > "$LIST" + fi +fi + +# Add Kubernetes / container log dirs explicitly (they may be outside locate db). +for extra in /var/log/pods /var/log/containers /var/lib/docker/containers /var/log/journal; do + [ -d "$extra" ] && du -ab "$extra" 2>/dev/null | awk '{ $1=""; sub(/^ /,""); print }' >> "$LIST" +done + +# Termux logs +if [ -n "${PREFIX:-}" ] && [ -d "${PREFIX}/var/log" ]; then + du -ab "${PREFIX}/var/log" 2>/dev/null | awk '{ $1=""; sub(/^ /,""); print }' >> "$LIST" +fi + +# 2. Filter to regular files matching log-ish patterns, emit CSV. +# Service guessed from path component under /var/log/. +sort -u "$LIST" | while IFS= read -r p; do + [ -f "$p" ] || continue + case "$p" in + *.log|*.log.*|*.gz|*.zst|*.xz|*.zip|*/messages|*/syslog|*/auth*|*/kern*|*/daemon*|*/dmesg*|*/secure*) ;; + *) continue ;; + esac + sz=$(stat -c '%s' "$p" 2>/dev/null || stat -f '%z' "$p" 2>/dev/null) || continue + mt=$(stat -c '%y' "$p" 2>/dev/null | cut -d. 
-f1 || stat -f '%Sm' -t '%Y-%m-%d %H:%M:%S' "$p" 2>/dev/null) || continue + svc=$(echo "$p" | awk -F/ '{ + for (i=1;i<=NF;i++) if ($i=="log" || $i=="logs") { print $(i+1); exit } + }') + [ -z "$svc" ] && svc="other" + # CSV-escape quotes/commas in path + esc=$(printf '%s' "$p" | sed 's/"/""/g') + printf '"%s",%s,"%s","%s"\n' "$esc" "$sz" "$mt" "$svc" +done diff --git a/scripts/run-all.sh b/scripts/run-all.sh new file mode 100755 index 0000000..950a700 --- /dev/null +++ b/scripts/run-all.sh 
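Review bot: The `|| echo /tmp/discover.$$` fallback on the `LIST=` line yields a predictable path in a world-writable directory, and run-all.sh runs this script under `sudo -n` on some hosts. The later `> "$LIST"` redirects write through whatever already exists at that name, so a file or symlink pre-created there by another local user would be written to with root privileges. Failing closed is simpler: `LIST=$(mktemp) || { echo 'discover-logs: mktemp failed' >&2; exit 1; }`. Separately, in the `mt=` assignment the `||` sees the exit status of `cut`, not of `stat -c`, so the BSD `stat -f` fallback never runs; that would explain the empty Mtime cells for ro1 and ams in SUMMARY.md.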
@@ -0,0 +1,63 @@ +#!/bin/bash +# run-all.sh — fan out discover-logs.sh and scan-anomalies.sh to every host. +# Run from the log_analysis repo root. + +set -u +ROOT="$(cd "$(dirname "$0")/.." && pwd)" +mkdir -p "$ROOT/logs/inventory" "$ROOT/anomalies" + +# host:ssh-prefix:needs-sudo +HOSTS=( + "mo1:local:0" + "ams:ssh -o BatchMode=yes ams:1" + "ams2:ssh -o BatchMode=yes ams2:1" + "ro1:ssh -o BatchMode=yes ro1:1" + "ca1:ssh -o BatchMode=yes ca1:0" + "ca2:ssh -o BatchMode=yes ca2:0" + "ca3:ssh -o BatchMode=yes -p 15120 ca3:0" + "fr1:ssh -o BatchMode=yes fr1:0" + "sony:ssh -o BatchMode=yes -o ConnectTimeout=5 sony:0" + "termux:ssh -o BatchMode=yes -o ConnectTimeout=5 -p 8022 termux:0" +) + +run_one() { + local entry="$1" + local host="${entry%%:*}" + local rest="${entry#*:}" + local ssh_cmd="${rest%:*}" + local sudo_flag="${rest##*:}" + + local discover scan + discover="$(cat "$ROOT/scripts/discover-logs.sh")" + scan="$(cat "$ROOT/scripts/scan-anomalies.sh")" + + local pfx="" + [ "$sudo_flag" = "1" ] && pfx="sudo -n " + + if [ "$ssh_cmd" = "local" ]; then + echo "[$host] discover (local)" + ${pfx}sh -c "$discover" > "$ROOT/logs/inventory/$host.csv" 2>/dev/null + echo "[$host] scan (local)" + ${pfx}sh -c "$scan" > "$ROOT/anomalies/$host.txt" 2>&1 + else + echo "[$host] discover via: $ssh_cmd" + $ssh_cmd "${pfx}sh" > "$ROOT/logs/inventory/$host.csv" 2>/dev/null < "$ROOT/anomalies/$host.txt" 2>&1 </dev/null || echo 0) + bytes=$(wc -c < "$ROOT/anomalies/$host.txt" 2>/dev/null || echo 0) + echo "[$host] done — inventory=$lines lines, anomalies=$bytes bytes" +} + +# Run hosts in parallel (background), wait at end. +for h in "${HOSTS[@]}"; do + run_one "$h" & +done +wait +echo "All hosts complete." diff --git a/scripts/scan-anomalies.sh b/scripts/scan-anomalies.sh new file mode 100755 index 0000000..f09c567 --- /dev/null +++ b/scripts/scan-anomalies.sh 
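Review bot: A host whose discovery or scan fails is reported the same way as a host with nothing to report: `run_one` ends in an `echo`, the inventory commands send stderr to `/dev/null`, and the final loop calls a bare `wait` before printing "All hosts complete." unconditionally. For a monitoring job this means a refused `sudo -n` or a dropped SSH session produces an empty CSV rather than an error, which reads as a clean host in the summary. `run_one` should capture the status of each `sh`/ssh invocation (`rc=$?`) and `return` it, and the fan-out loop should wait on each PID and exit non-zero when any host failed, as sketched below. The remote branch of `run_one` is not fully legible on this page, so the sketch covers only the fan-out loop.

```bash
# … unchanged: HOSTS array and run_one (which must now return the sh/ssh status) …
pids=()
for h in "${HOSTS[@]}"; do
  run_one "$h" &
  pids+=("$!:${h%%:*}")
done

failed=0
for entry in "${pids[@]}"; do
  if ! wait "${entry%%:*}"; then
    echo "[${entry#*:}] FAILED" >&2
    failed=1
  fi
done
echo "All hosts complete."
exit "$failed"
```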
@@ -0,0 +1,72 @@ +#!/bin/sh +# scan-anomalies.sh — inspect recent log files for error/warning/critical patterns. +# Output is human-readable; one block per file with issues. + +set -u +HOST=$(hostname 2>/dev/null || uname -n) +echo "=== Anomaly scan: $HOST ($(date -u +%FT%TZ)) ===" +echo + +# 1. systemd journal (Linux only) — last 24h, error priority and above. +if command -v journalctl >/dev/null 2>&1; then + echo "--- journalctl -p err --since '24 hours ago' ---" + journalctl -p err --since '24 hours ago' --no-pager 2>/dev/null | tail -100 + echo +fi + +# 2. kubectl events (mo1 only). +if command -v kubectl >/dev/null 2>&1; then + echo "--- kubectl get events --all-namespaces (warnings) ---" + kubectl get events --all-namespaces --field-selector type!=Normal 2>/dev/null | tail -50 + echo +fi + +# 3. Recent (mtime < 7d) log files: count error tokens. +PATTERN='ERROR|FATAL|CRITICAL|FAIL(ED|URE)?|panic|segfault|OOM|Out of memory|denied' +WPAT='WARN(ING)?' + +scan_file() { + f="$1" + case "$f" in + *.gz) cmd="zcat -- \"$f\"" ;; + *.xz) cmd="xzcat -- \"$f\"" ;; + *.zst) cmd="zstdcat -- \"$f\"" ;; + *.zip) return ;; + *) cmd="cat -- \"$f\"" ;; + esac + errs=$(eval "$cmd" 2>/dev/null | grep -c -E "$PATTERN") + warns=$(eval "$cmd" 2>/dev/null | grep -c -E "$WPAT") + if [ "${errs:-0}" -gt 0 ] || [ "${warns:-0}" -gt 50 ]; then + sz=$(stat -c '%s' "$f" 2>/dev/null || stat -f '%z' "$f" 2>/dev/null) + printf '%s\terrors=%s\twarns=%s\tsize=%s\n' "$f" "$errs" "$warns" "$sz" + # Show up to 5 sample error lines. + eval "$cmd" 2>/dev/null | grep -E "$PATTERN" | head -5 | sed 's/^/ > /' + fi +} + +echo "--- recent log files (mtime < 7d) ---" +# Use locate when possible; otherwise restrict to /var/log walk. 
+{ + if command -v plocate >/dev/null 2>&1; then plocate /var/log 2>/dev/null + elif command -v locate >/dev/null 2>&1; then locate /var/log 2>/dev/null + fi + [ -d /var/log ] && du -a /var/log 2>/dev/null | awk '{ $1=""; sub(/^ /,""); print }' +} | sort -u | while IFS= read -r f; do + [ -f "$f" ] || continue + case "$f" in *.log|*.log.*|*/messages|*/syslog|*/auth*|*/kern*|*/daemon*) ;; *) continue ;; esac + # mtime within 7 days + if [ "$(find "$f" -prune -mtime -7 2>/dev/null)" = "$f" ]; then + scan_file "$f" + fi +done + +# 4. Disk usage of /var/log overall. +echo +echo "--- /var/log disk usage ---" +du -sh /var/log 2>/dev/null +du -sh /var/log/* 2>/dev/null | sort -h | tail -15 + +# 5. Largest log files +echo +echo "--- top 15 largest files under /var/log ---" +du -ab /var/log 2>/dev/null | sort -nr | head -15 | awk '{ printf "%10d %s\n", $1, $2 }'
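Review bot: `scan_file` builds `cmd` by pasting the file name between double quotes and then runs it through `eval` three times, so a `"`, `$( )` or backtick in a name under /var/log is interpreted by the shell instead of being treated as data. run-all.sh runs this script under `sudo -n` on several hosts, and any service that can create files below /var/log chooses those names, so this crosses a privilege boundary. A small helper that dispatches on the extension and passes `"$1"` as an argument removes the `eval` without changing the output; see below. The sample lines printed by the last pipeline also end up committed under anomalies/, so it may be worth deciding whether raw auth or journal lines belong in the repository.

```shell
# Stream a log file to stdout, decompressing by extension; the name is only ever an argument.
read_log() {
  case "$1" in
    *.gz) zcat -- "$1" ;;
    *.xz) xzcat -- "$1" ;;
    *.zst) zstdcat -- "$1" ;;
    *) cat -- "$1" ;;
  esac
}

scan_file() {
  f="$1"
  case "$f" in *.zip) return ;; esac
  errs=$(read_log "$f" 2>/dev/null | grep -c -E "$PATTERN")
  warns=$(read_log "$f" 2>/dev/null | grep -c -E "$WPAT")
  # … unchanged: threshold test, stat and printf of the summary line …
    read_log "$f" 2>/dev/null | grep -E "$PATTERN" | head -5 | sed 's/^/ > /'
  fi
}
```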