rpert/log_analysis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial cross-server log inventory + anomaly scan

Browse Source 
- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux)
- discover-logs.sh: portable inventory (Linux/FreeBSD/Termux)
- scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl
- run-all.sh: parallel SSH fan-out
- build-summary.py: aggregates into reports/SUMMARY.md
- 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
This commit is contained in:
rpert
2026-04-10 21:49:17 +00:00
parent cabf4c587f
commit e96a8b03fc
26 changed files with 1636 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
anomalies/ca1.txt Normal file
View File

@@ -0,0 +1,41 @@
=== Anomaly scan: ca1.rspworks.tech (2026-04-10T21:46:10Z) ===
--- journalctl -p err --since '24 hours ago' ---
-- No entries --
--- recent log files (mtime < 7d) ---
--- /var/log disk usage ---
372M /var/log
852K /var/log/ufw.log.2.gz
1.3M /var/log/syslog.3.gz
1.4M /var/log/syslog.2.gz
1.6M /var/log/auth.log
1.7M /var/log/mail.log
3.4M /var/log/auth.log.1
6.1M /var/log/kern.log
6.1M /var/log/sysstat
6.1M /var/log/ufw.log
7.3M /var/log/ufw.log.1
7.4M /var/log/kern.log.1
7.9M /var/log/btmp.1
8.7M /var/log/syslog
9.5M /var/log/syslog.1
296M /var/log/journal
--- top 15 largest files under /var/log ---
440136579 /var/log
360710144 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8
360710144 /var/log/journal
58720256 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@ab13cdfa37454491a79434767401386e-00000000003adb5c-00064cb3c1ed363d.journal
58720256 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@9e6ecb5b9f514c72a5570e68825ad6a7-00000000003ca351-00064d43484e2748.journal
50331648 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@fec4a914b99c4953ab02aad708666ef9-00000000003f6f27-00064e81484ba094.journal
50331648 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@9e6ecb5b9f514c72a5570e68825ad6a7-00000000003defff-00064ddfb0de2946.journal
25165824 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@9e6ecb5b9f514c72a5570e68825ad6a7-00000000003f15ad-00064e58095423d3.journal
25165824 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/system@00064d3b8778fc5f-b4dcd1bdd4b96ecb.journal~
9868554 /var/log/syslog.1
9053714 /var/log/syslog
8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000.journal
8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000@fec4a914b99c4953ab02aad708666ef9-00000000003f6f26-00064e81484b121d.journal
8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000@ab13cdfa37454491a79434767401386e-00000000003c27c9-00064d143295a90c.journal
8388608 /var/log/journal/6f9b28a107671d35d565db8d4fdf10a8/user-1000@ab13cdfa37454491a79434767401386e-00000000003afdc3-00064cc380be60fc.journal