Initial cross-server log inventory + anomaly scan

- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux) - discover-logs.sh: portable inventory (Linux/FreeBSD/Termux) - scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl - run-all.sh: parallel SSH fan-out - build-summary.py: aggregates into reports/SUMMARY.md - 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00
parent cabf4c587f
commit e96a8b03fc
26 changed files with 1636 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,52 @@
 # log_analysis

-Cross-server log inventory and anomaly reports
+Cross-server log inventory and anomaly scanning across the rpert infrastructure
+(10 hosts: mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux).
+
+## Layout
+
+```
+log_analysis/
+├── README.md
+├── scripts/
+│   ├── discover-logs.sh    # portable log inventory (Linux/FreeBSD/Termux)
+│   ├── scan-anomalies.sh   # ERROR/WARN/CRITICAL counts + journalctl scan
+│   └── run-all.sh          # fan out both scripts to every host via SSH
+├── logs/
+│   └── inventory/<host>.csv   # path,size_bytes,mtime,service
+├── anomalies/
+│   └── <host>.txt             # raw anomaly findings per host
+└── reports/
+    └── SUMMARY.md             # cross-host roll-up + recommendations
+```
+
+## Hosts
+
+| Host    | OS       | SSH                       |
+|---------|----------|---------------------------|
+| mo1     | Debian   | local                     |
+| ams     | FreeBSD  | `ssh ams` (sudo -n)       |
+| ams2    | FreeBSD  | `ssh ams2` (sudo -n)      |
+| ro1     | FreeBSD  | `ssh ro1` (sudo -n)       |
+| ca1     | Ubuntu   | `ssh ca1`                 |
+| ca2     | Debian   | `ssh ca2`                 |
+| ca3     | Debian   | `ssh -p 15120 ca3`        |
+| fr1     | Ubuntu   | `ssh fr1`                 |
+| sony    | Debian   | `ssh sony` (laptop)       |
+| termux  | Android  | `ssh -p 8022 termux`      |
+
+## Usage
+
+```bash
+./scripts/run-all.sh        # discovery + anomaly scan, all hosts
+git add -A && git commit -m "refresh $(date -I)" && git push
+```
+
+Reports land in `reports/SUMMARY.md`.
+
+## Notes
+
+- FreeBSD hosts use `sudo -n` + `BatchMode=yes` (per memory).
+- Discovery uses `locate`/`plocate` where available, falls back to scanning
+  `/var/log` with `du`. `find` is avoided per project preference.
+- Sony and Termux may be offline; the runner skips unreachable hosts.