log_analysis/anomalies/mo1.txt
rpert e96a8b03fc Initial cross-server log inventory + anomaly scan
- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux)
- discover-logs.sh: portable inventory (Linux/FreeBSD/Termux)
- scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl
- run-all.sh: parallel SSH fan-out
- build-summary.py: aggregates into reports/SUMMARY.md
- 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
2026-04-10 21:49:17 +00:00

=== Anomaly scan: mo1.3z8.pw (2026-04-10T21:46:10Z) ===
--- journalctl -p err --since '24 hours ago' ---
Apr 09 23:02:18 mo1.3z8.pw sudo[1989355]: pam_unix(sudo:auth): conversation failed
Apr 09 23:02:18 mo1.3z8.pw sudo[1989355]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 09 23:16:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 09 23:33:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 09 23:59:51 mo1.3z8.pw sudo[4140045]: pam_unix(sudo:auth): conversation failed
Apr 09 23:59:51 mo1.3z8.pw sudo[4140045]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 10 00:02:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 00:49:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 01:00:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 01:05:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 01:10:33 mo1.3z8.pw sudo[2570337]: pam_unix(sudo:auth): conversation failed
Apr 10 01:10:33 mo1.3z8.pw sudo[2570337]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 10 02:16:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 03:51:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 04:08:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 05:01:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 05:36:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 05:59:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 07:19:31 mo1.3z8.pw sudo[3980992]: pam_unix(sudo:auth): conversation failed
Apr 10 07:19:31 mo1.3z8.pw sudo[3980992]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 10 09:52:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 10:21:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 10:56:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 11:07:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 11:42:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 12:11:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 12:16:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 12:57:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:08:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:13:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:36:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:41:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 14:34:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 14:39:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 15:14:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 15:31:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 15:36:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
--- kubectl get events --all-namespaces (warnings) ---
--- recent log files (mtime < 7d) ---
--- /var/log disk usage ---
822M /var/log
524K /var/log/kern.log.1
600K /var/log/auth.log.2.gz
908K /var/log/auth.log.3.gz
1016K /var/log/btmp
1.1M /var/log/auth.log.4.gz
1.5M /var/log/syslog.4.gz
2.3M /var/log/auth.log
3.0M /var/log/syslog.2.gz
4.3M /var/log/auth.log.1
6.9M /var/log/syslog.3.gz
18M /var/log/rclone-media.log
23M /var/log/btmp.1
39M /var/log/syslog.1
65M /var/log/syslog
655M /var/log/journal
--- top 15 largest files under /var/log ---
916304891 /var/log
740593040 /var/log/journal
740588944 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4
128611656 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-0000000000074a21-00064d0e5525584b.journal
109051904 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system.journal
75985176 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-000000000013e463-00064e5f5e0e5175.journal
74216752 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-000000000010fac9-00064e02e1bb1c0d.journal
70106232 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-00000000000db4af-00064d7f051b8ba1.journal
67501427 /var/log/syslog
58720256 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@00064d7ec2d5b400-62e4a0e0b73c867c.journal~
46971424 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-00000000000db4ec-00064d7f051d3e37.journal
45807768 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-000000000013e47d-00064e5f64861672.journal
40099593 /var/log/syslog.1
28811960 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-000000000010fad6-00064e02e39cd4e3.journal
25165824 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@00064d7ec2f1014e-21c53d09549b2cc2.journal~