- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux) - discover-logs.sh: portable inventory (Linux/FreeBSD/Termux) - scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl - run-all.sh: parallel SSH fan-out - build-summary.py: aggregates into reports/SUMMARY.md - 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
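#!/bin/sh
# discover-logs.sh — portable log inventory.
# Outputs CSV (no header row): path,size_bytes,mtime_iso,service
#   path       - double-quoted, embedded " doubled
#   size_bytes - from stat(1) (GNU -c, or BSD -f when -c is rejected)
#   mtime_iso  - "YYYY-MM-DD HH:MM:SS" (fractional seconds and zone dropped)
#   service    - path component right after the first "log"/"logs" directory,
#                or "other" when there is none
# Works on Linux (Debian/Ubuntu), FreeBSD, and Termux: POSIX sh, stat(1),
# find(1); plocate/locate are used for the candidate list when present.
# Exit status: 0 normally; 1 if no temp file could be created.

set -u
# The candidate list is written to a temp file; keep it private to this user.
umask 077

# NOTE(review): HOST is not referenced by the CSV output below; kept unchanged.
# shellcheck disable=SC2034
HOST=$(hostname 2>/dev/null || uname -n)

#######################################
# Print every path under a directory, one per line (files and directories;
# the caller filters). find(1) replaces the earlier du(1) walk: du counts a
# hard-linked file only once, and BSD du has no -b, so on FreeBSD the walk
# silently produced nothing.
# Arguments: $1 - directory; a missing directory is a no-op
# Outputs:   paths on stdout
#######################################
walk_dir() {
  [ -d "$1" ] || return 0
  find "$1" -print 2>/dev/null
}

#######################################
# Guess a service name from a path: the component after the first "log" or
# "logs" directory component, or "other" when there is none or it is empty.
# Arguments: $1 - path
# Outputs:   service name on stdout
#######################################
guess_service() {
  _gs_path=$1
  _gs_ifs=$IFS
  # Split on "/" only; set -f keeps the unquoted expansion from globbing
  # (a component such as "a b*" must stay literal).
  IFS=/
  set -f
  # shellcheck disable=SC2086
  set -- $_gs_path
  set +f
  IFS=$_gs_ifs
  while [ $# -gt 1 ]; do
    case $1 in
      log|logs)
        if [ -n "$2" ]; then
          printf '%s\n' "$2"
        else
          printf 'other\n'
        fi
        return 0
        ;;
    esac
    shift
  done
  printf 'other\n'
}

#######################################
# Print a CSV field: wrapped in double quotes with embedded " doubled.
# Pure shell, so no fork per field.
# Arguments: $1 - field value (must not contain a newline)
# Outputs:   quoted field on stdout, no trailing newline
#######################################
csv_quote() {
  _cq_rest=$1
  _cq_out=
  _cq_q='"'
  while :; do
    case $_cq_rest in
      *"$_cq_q"*)
        # Copy the text before the first quote, then the doubled quote.
        _cq_out=$_cq_out${_cq_rest%%"$_cq_q"*}$_cq_q$_cq_q
        _cq_rest=${_cq_rest#*"$_cq_q"}
        ;;
      *)
        _cq_out=$_cq_out$_cq_rest
        break
        ;;
    esac
  done
  printf '"%s"' "$_cq_out"
}

# 1. Build the candidate file list using fast tools when available.
#    locate-style tools may be stale (deleted entries are dropped later by
#    the -f test; new files are missed) and match "/var/log" anywhere in a
#    path; the find walk is exact but slower.
TMPROOT=${TMPDIR:-/tmp}
WORKDIR=
if ! LIST=$(mktemp "$TMPROOT/discover.XXXXXX" 2>/dev/null); then
  # No usable mktemp. mkdir is atomic and fails if the name already exists,
  # so a pre-planted file or symlink at the predictable name cannot be
  # written through (the old "/tmp/discover.$$" fallback could be).
  WORKDIR=$TMPROOT/discover.$$
  mkdir -m 700 "$WORKDIR" 2>/dev/null || {
    printf '%s: cannot create temp dir %s\n' "${0##*/}" "$WORKDIR" >&2
    exit 1
  }
  LIST=$WORKDIR/list
fi
trap 'rm -f "$LIST"; if [ -n "$WORKDIR" ]; then rmdir "$WORKDIR"; fi' EXIT

if command -v plocate >/dev/null 2>&1; then
  plocate /var/log 2>/dev/null > "$LIST"
elif command -v locate >/dev/null 2>&1; then
  locate /var/log 2>/dev/null > "$LIST"
else
  # No locate db: walk /var/log (empty list if it does not exist).
  walk_dir /var/log > "$LIST"
fi

# Add Kubernetes / container log dirs explicitly (they may be outside locate db).
for extra in /var/log/pods /var/log/containers /var/lib/docker/containers /var/log/journal; do
  walk_dir "$extra" >> "$LIST"
done

# Termux logs live under $PREFIX.
if [ -n "${PREFIX:-}" ]; then
  walk_dir "${PREFIX}/var/log" >> "$LIST"
fi

# 2. Filter to regular files matching log-ish patterns, emit CSV.
#    LC_ALL=C makes the order byte-wise and reproducible across hosts.
LC_ALL=C sort -u "$LIST" | while IFS= read -r p; do
  [ -f "$p" ] || continue
  case "$p" in
    *.log|*.log.*|*.gz|*.zst|*.xz|*.zip|*/messages|*/syslog|*/auth*|*/kern*|*/daemon*|*/dmesg*|*/secure*) ;;
    *) continue ;;
  esac
  # GNU stat first; BSD stat when -c is rejected. Skip files stat cannot read.
  sz=$(stat -c '%s' "$p" 2>/dev/null || stat -f '%z' "$p" 2>/dev/null) || continue
  if mt=$(stat -c '%y' "$p" 2>/dev/null); then
    # GNU %y is "YYYY-MM-DD HH:MM:SS.nnnnnnnnn +ZZZZ": drop fraction and zone.
    # (The old "stat | cut || stat -f" form tested cut's status, so the BSD
    # fallback never ran and mtime_iso was empty on FreeBSD.)
    mt=${mt%%.*}
    mt=${mt% [+-]*}
  else
    mt=$(stat -f '%Sm' -t '%Y-%m-%d %H:%M:%S' "$p" 2>/dev/null) || continue
  fi
  svc=$(guess_service "$p")
  # Every text field is quoted/escaped; svc and mt derive from untrusted names too.
  printf '%s,%s,%s,%s\n' "$(csv_quote "$p")" "$sz" "$(csv_quote "$mt")" "$(csv_quote "$svc")"
done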