Initial cross-server log inventory + anomaly scan

- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux) - discover-logs.sh: portable inventory (Linux/FreeBSD/Termux) - scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl - run-all.sh: parallel SSH fan-out - build-summary.py: aggregates into reports/SUMMARY.md - 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00
parent cabf4c587f
commit e96a8b03fc
26 changed files with 1636 additions and 1 deletions
--- a/anomalies/fr1.txt
+++ b/anomalies/fr1.txt
@@ -0,0 +1,43 @@
+=== Anomaly scan: fr1.3z8.pw (2026-04-10T21:46:42Z) ===
+
+--- journalctl -p err --since '24 hours ago' ---
+-- No entries --
+
+--- kubectl get events --all-namespaces (warnings) ---
+
+--- recent log files (mtime < 7d) ---
+
+--- /var/log disk usage ---
+2.3G	/var/log
+2.3M	/var/log/mail.log.1
+2.4M	/var/log/borg-backup.log
+2.8M	/var/log/borg
+2.9M	/var/log/syslog.3.gz
+3.0M	/var/log/auth.log.1
+3.8M	/var/log/syslog.2.gz
+5.2M	/var/log/postfix.log
+6.1M	/var/log/kern.log
+6.1M	/var/log/ufw.log
+7.3M	/var/log/ufw.log.1
+7.4M	/var/log/kern.log.1
+13M	/var/log/btmp.1
+38M	/var/log/syslog
+47M	/var/log/syslog.1
+2.2G	/var/log/journal
+
+--- top 15 largest files under /var/log ---
+2424100146  /var/log
+2256551936  /var/log/journal
+2256547840  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a63802-00064ee25f15ebf5.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a486e1-00064ebf45be6c08.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a2d51d-00064e9ca8d04650.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000a11a97-00064e79b0d30b2f.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-00000000009f4c9f-00064e56b4e1c853.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-00000000009d71f8-00064e33e5548a49.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-00000000009ba218-00064e112c8993aa.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-000000000099c686-00064def3633af5b.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-000000000097e720-00064dcc67deca0d.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000961320-00064da9dc769b56.journal
+ 125829120  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/user-1000@27dcfd2fef7244188c973786553a5804-0000000000941583-00064d8712b97fc5.journal
+ 109051904  /var/log/journal/7a3fd67a924c4186bb3081ae4975373c/system@32d91142d7d0427bb5e4c170c7a73604-0000000000917d56-00064d56478ea870.journal