Initial cross-server log inventory + anomaly scan

- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux)
- discover-logs.sh: portable inventory (Linux/FreeBSD/Termux)
- scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl
- run-all.sh: parallel SSH fan-out
- build-summary.py: aggregates into reports/SUMMARY.md
- 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00
parent cabf4c587f
commit e96a8b03fc
26 changed files with 1636 additions and 1 deletions

anomalies/ro1.txt Normal file

@@ -0,0 +1,65 @@
=== Anomaly scan: ro1-3z8-pw.novalocal (2026-04-10T21:46:09Z) ===
--- recent log files (mtime < 7d) ---
/var/log/borg-backup.log errors=5 warns=0 size=13318316
> M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
> M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
> M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var
> M /usr/local/www/apache24/error/HTTP_PRECONDITION_FAILED.html.var
> M /usr/local/www/i47i.tk/wp-content/plugins/redis-cache/dependencies/predis/predis/src/Command/Redis/FAILOVER.php
/var/log/freedns-ssl-error.log errors=72 warns=0 size=1343992
> [Thu Mar 19 17:06:45.696498 2026] [authz_core:error] [pid 59340] [client 20.151.11.236:41914] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Sat Mar 21 05:45:17.976155 2026] [authz_core:error] [pid 97472] [client 20.151.11.236:31811] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Sat Mar 21 06:41:09.566838 2026] [authz_core:error] [pid 69202] [client 172.235.235.248:54732] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Sun Mar 22 03:00:13.267508 2026] [authz_core:error] [pid 9998] [client 185.177.72.52:18966] AH01630: client denied by server configuration: /usr/local/www/freedns-placeholder/.htaccess
> [Sun Mar 22 03:00:13.502429 2026] [authz_core:error] [pid 69202] [client 185.177.72.52:18982] AH01630: client denied by server configuration: /usr/local/www/freedns-placeholder/.htaccess
/var/log/httpd/i47i.tk-error.log errors=51 warns=0 size=400820
> [Thu Mar 19 18:50:37.024880 2026] [authz_core:error] [pid 59307] [client 20.222.18.47:21485] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Fri Mar 20 11:42:47.077024 2026] [authz_core:error] [pid 69861] [client 23.100.100.188:3532] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Tue Mar 24 23:57:24.319230 2026] [authz_core:error] [pid 81828] [client 85.203.23.121:52441] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin, referer: http://i47i.tk/cgi-bin/cgi-bin/sql.php
> [Wed Mar 25 02:04:05.820795 2026] [authz_core:error] [pid 81829] [client 20.222.18.47:22936] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
> [Wed Mar 25 18:35:40.714323 2026] [authz_core:error] [pid 32775] [client 20.151.201.236:22849] AH01630: client denied by server configuration: /usr/local/www/apache24/cgi-bin
/var/log/manual-upgrades/upgrade-2026-04-05_0400.log errors=3 warns=0 size=2495
> Warning: Failed to create directory '/nonexistent/.wp-cli/cache/': mkdir(): Permission denied.
> FAILED: apache24 php_fpm jellyfin flood redis
> {"id":"ZAa6Ntdv1W5c","time":1775361630,"expires":1775404830,"event":"message","topic":"rspworks-updates","title":"Manual Upgrade ERRORS — ro1-3z8-pw.novalocal","message":"1 services running\n\nUpdated:\\n• WordPress: 3 plugins\n\nErrors:\\n• Service down: apache24\\n• Service down: php_fpm\\n• Service down: jellyfin\\n• Service down: flood\\n• Service down: redis","priority":4,"tags":["warning","package"]}
/var/log/messages errors=0 warns=886 size=512303
/var/log/mount_monitor.log errors=0 warns=1808 size=526613
/var/log/mount_monitor.log.old errors=7 warns=3614 size=1048798
> [2026-03-24 13:05:30] CRITICAL: Mount is hung (ls command timed out)
> [2026-03-24 13:06:28] FAILED: Mount still not responding after recovery attempt
> [2026-03-24 13:10:30] CRITICAL: Mount is hung (ls command timed out)
> [2026-03-24 13:11:28] FAILED: Mount still not responding after recovery attempt
> [2026-03-24 13:15:35] CRITICAL: Mount is hung (ls command timed out)
/var/log/rclone_1fichier.log errors=6 warns=0 size=3527222
> 2026/03/24 13:06:28 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp: lookup api.1fichier.com: i/o timeout
> 2026/03/24 13:10:30 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp: lookup api.1fichier.com: i/o timeout
> 2026/03/24 13:11:28 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp 5.39.224.140:443: i/o timeout
> 2026/03/24 13:15:35 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": net/http: TLS handshake timeout
> 2026/03/30 06:45:30 ERROR : IO error: couldn't list files: Post "https://api.1fichier.com/v1/file/ls.cgi": dial tcp 5.39.224.140:443: i/o timeout
/var/log/webmail-ssl-error.log errors=62 warns=0 size=28197
> [Fri Jan 09 22:57:32.624107 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/.env
> [Fri Jan 09 22:57:45.572560 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/config.php
> [Fri Jan 09 22:57:47.072687 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/database.php
> [Fri Jan 09 22:57:47.392299 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/mail.php
> [Fri Jan 09 22:57:47.693547 2026] [authz_core:error] [pid 67028] [client 146.19.168.250:51646] AH01630: client denied by server configuration: /usr/local/www/roundcube/config/app.php
--- /var/log disk usage ---
95M /var/log
960K /var/log/httpd-nextcloud-access.log
1.1M /var/log/mount_monitor.log.old
1.3M /var/log/freedns-ssl-error.log
1.9M /var/log/freedns-access.log
2.2M /var/log/matomo-access.log
2.6M /var/log/flood.log
3.3M /var/log/httpd-access.log
3.4M /var/log/rclone_1fichier.log
4.3M /var/log/freedns-ssl-access.log
5.6M /var/log/httpd-error.log
6.2M /var/log/redis
9.3M /var/log/letsencrypt
9.8M /var/log/httpd
13M /var/log/borg-backup.log
24M /var/log/webmail-ssl-access.log
--- top 15 largest files under /var/log ---
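Review bot: the error counter behind this scan output matches severity keywords as substrings, so the /var/log/borg-backup.log block at the top of the hunk reports errors=5 on lines that are only borg's change listing: `> M /usr/local/www/apache24/error/HTTP_INTERNAL_SERVER_ERROR.html.var` and `> M .../predis/src/Command/Redis/FAILOVER.php` hit on ERROR and FAIL inside file names, not on a log severity (and the two HTTP_*.html.var lines are listed twice). Anchor the patterns to the severity token, e.g. `grep -Ew 'ERROR|WARN|CRITICAL|FAILED'` or a match restricted to the bracketed level field, so the HIGH-severity count that build-summary.py rolls into reports/SUMMARY.md is not inflated by false positives. Also, the mount_monitor.log.old CRITICAL/FAILED entries between 13:05 and 13:15 on 2026-03-24 coincide exactly with the rclone_1fichier.log timeouts (13:06:28, 13:10:30, 13:11:28, 13:15:35), so the "mount_monitor warnings" finding is a symptom of api.1fichier.com being unreachable rather than an independent issue; the report should correlate the two instead of counting them separately. Finally, this file commits raw client IPs, internal vhost paths and the full notification JSON (including its id and topic) into the repository; if anyone else has access to the repo, redact these or keep anomalies/ out of version control and commit only the aggregated summary.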