Initial cross-server log inventory + anomaly scan

- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux) - discover-logs.sh: portable inventory (Linux/FreeBSD/Termux) - scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl - run-all.sh: parallel SSH fan-out - build-summary.py: aggregates into reports/SUMMARY.md - 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00
parent cabf4c587f
commit e96a8b03fc
26 changed files with 1636 additions and 1 deletions
--- a/scripts/run-all.sh
+++ b/scripts/run-all.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# run-all.sh — fan out discover-logs.sh and scan-anomalies.sh to every host.
+# Run from the log_analysis repo root.
+
+set -u
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+mkdir -p "$ROOT/logs/inventory" "$ROOT/anomalies"
+
+# host:ssh-prefix:needs-sudo
+HOSTS=(
+    "mo1:local:0"
+    "ams:ssh -o BatchMode=yes ams:1"
+    "ams2:ssh -o BatchMode=yes ams2:1"
+    "ro1:ssh -o BatchMode=yes ro1:1"
+    "ca1:ssh -o BatchMode=yes ca1:0"
+    "ca2:ssh -o BatchMode=yes ca2:0"
+    "ca3:ssh -o BatchMode=yes -p 15120 ca3:0"
+    "fr1:ssh -o BatchMode=yes fr1:0"
+    "sony:ssh -o BatchMode=yes -o ConnectTimeout=5 sony:0"
+    "termux:ssh -o BatchMode=yes -o ConnectTimeout=5 -p 8022 termux:0"
+)
+
+run_one() {
+    local entry="$1"
+    local host="${entry%%:*}"
+    local rest="${entry#*:}"
+    local ssh_cmd="${rest%:*}"
+    local sudo_flag="${rest##*:}"
+
+    local discover scan
+    discover="$(cat "$ROOT/scripts/discover-logs.sh")"
+    scan="$(cat "$ROOT/scripts/scan-anomalies.sh")"
+
+    local pfx=""
+    [ "$sudo_flag" = "1" ] && pfx="sudo -n "
+
+    if [ "$ssh_cmd" = "local" ]; then
+        echo "[$host] discover (local)"
+        ${pfx}sh -c "$discover" > "$ROOT/logs/inventory/$host.csv" 2>/dev/null
+        echo "[$host] scan (local)"
+        ${pfx}sh -c "$scan" > "$ROOT/anomalies/$host.txt" 2>&1
+    else
+        echo "[$host] discover via: $ssh_cmd"
+        $ssh_cmd "${pfx}sh" > "$ROOT/logs/inventory/$host.csv" 2>/dev/null <<EOF || echo "[$host] discover FAILED"
+$discover
+EOF
+        echo "[$host] scan via: $ssh_cmd"
+        $ssh_cmd "${pfx}sh" > "$ROOT/anomalies/$host.txt" 2>&1 <<EOF || echo "[$host] scan FAILED"
+$scan
+EOF
+    fi
+    local lines bytes
+    lines=$(wc -l < "$ROOT/logs/inventory/$host.csv" 2>/dev/null || echo 0)
+    bytes=$(wc -c < "$ROOT/anomalies/$host.txt" 2>/dev/null || echo 0)
+    echo "[$host] done — inventory=$lines lines, anomalies=$bytes bytes"
+}
+
+# Run hosts in parallel (background), wait at end.
+for h in "${HOSTS[@]}"; do
+    run_one "$h" &
+done
+wait
+echo "All hosts complete."