Initial cross-server log inventory + anomaly scan

- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux) - discover-logs.sh: portable inventory (Linux/FreeBSD/Termux) - scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl - run-all.sh: parallel SSH fan-out - build-summary.py: aggregates into reports/SUMMARY.md - 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00
parent cabf4c587f
commit e96a8b03fc
26 changed files with 1636 additions and 1 deletions
--- a/anomalies/ca2.txt
+++ b/anomalies/ca2.txt
@@ -0,0 +1,41 @@
+=== Anomaly scan: ip-51-79-3-199 (2026-04-10T21:46:10Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+-- No entries --
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+463M	/var/log
+532K	/var/log/syslog.3.gz
+576K	/var/log/ufw.log.4.gz
+844K	/var/log/auth.log.3.gz
+1.1M	/var/log/kern.log.3.gz
+1.1M	/var/log/kern.log.4.gz
+1.1M	/var/log/syslog.4.gz
+1.1M	/var/log/ufw.log.2.gz
+1.1M	/var/log/ufw.log.3.gz
+1.2M	/var/log/btmp
+1.6M	/var/log/auth.log
+1.6M	/var/log/auth.log.4.gz
+3.3M	/var/log/auth.log.1
+3.8M	/var/log/ufw.log.1
+33M	/var/log/btmp.1
+409M	/var/log/journal
+
+--- top 15 largest files under /var/log ---
+ 485391370  /var/log
+ 428663992  /var/log/journal
+ 428659896  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6
+  45110984  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-00000000000292e8-00064c3d93bf6cf5.journal
+  44732968  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000037922-00064c84af763c31.journal
+  44467312  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000053500-00064d0111ffd3c7.journal
+  44453136  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000045881-00064cc7fd5e30a1.journal
+  43759864  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-0000000000000be2-00064b9f844d6876.journal
+  43717416  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-000000000001be8a-00064bffa0a97a8a.journal
+  43173456  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-000000000000eb50-00064bcebd787df5.journal
+  41980912  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system@86c54d3ff5d441bb8055b2ee8b5a63e9-00000000000612ff-00064d4e811ecc56.journal
+  34127232  /var/log/btmp.1
+  25165824  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/system.journal
+   8388608  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/user-1001.journal
+   4543296  /var/log/journal/b02dc037a34a4cb8a15b01d75132a0f6/user-1001@de6260ca127840deab7e231baa6cfc8a-000000000006158d-00064d54160e10b6.journal