Skip to content
/ logagent Public

A simple program to scan a log file for text tags and emit actions

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

caltechlibrary/logagent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
pagefind
pagefind
 
 
presentations
presentations
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
.nojekyll
.nojekyll
 
 
CITATION.cff
CITATION.cff
 
 
INSTALL.html
INSTALL.html
 
 
INSTALL.md
INSTALL.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
about.html
about.html
 
 
about.md
about.md
 
 
codemeta-bash-installer.tmpl
codemeta-bash-installer.tmpl
 
 
codemeta-ps1-installer.tmpl
codemeta-ps1-installer.tmpl
 
 
codemeta.json
codemeta.json
 
 
deno.json
deno.json
 
 
deno.lock
deno.lock
 
 
helptext.ts
helptext.ts
 
 
index.html
index.html
 
 
installer.ps1
installer.ps1
 
 
installer.sh
installer.sh
 
 
links-to-html.lua
links-to-html.lua
 
 
logagent.1.html
logagent.1.html
 
 
logagent.1.md
logagent.1.md
 
 
logagent.ts
logagent.ts
 
 
logagent_test.ts
logagent_test.ts
 
 
main.ts
main.ts
 
 
page.tmpl
page.tmpl
 
 
publish.bash
publish.bash
 
 
release.bash
release.bash
 
 
search.html
search.html
 
 
search.md
search.md
 
 
user_manual.html
user_manual.html
 
 
user_manual.md
user_manual.md
 
 
version.ts
version.ts
 
 
website.mak
website.mak
 
 

Repository files navigation

Log Agent

This is a simplified log processor that looks for explicit text on a line, parses the line for an IP address and then applies the associated action. It is inspired by fail2ban but is written in response fail2ban's complexity. Caltech Library needed a simple tool to do a narrow task that was oddly challenging using fail2ban. There is always a balancing act between a tool features and those that are simpler targeting a more specific issue.

Approach

Log agent reads input line by line. If checks if a tag (explicit sub-string) is contained in that line. If a match is found then the agent extracts any IP addresses identified before applying a rule associated with the tag.

The log agent requires a configuration file written in YAML. The configuration holds an array of objects. Each object has the following attributes.

tag : The explicit search string (i.e. not regular expressions)

action : The command to execute if tag is found

Here's an example configuration YAML file.

- tag: BadBot
  action: |
    sudo iptables -A INPUT -p tcp -m multiport
    --dports 80,443 -s {ipaddress} -j DROP

If the text "BadBot" is found in the log line. and the IP address "156.59.198.136" was found in the log line then the following command would be executed.

    sudo iptables -A INPUT -p tcp -m multiport
         --dports 80,443 -s 156.59.198.136 -j DROP

USAGE:

logagent CONFIG_FILE LOG_FILE [OPTIONS]

The CONFIG_FILE is the YAML file used to configure the logagent and the log file is the fail to process. The LOG_FILE must be provided.

sudo logagent badbots.yaml /var/log/nginx/access.log

If you wanted to test the agent configuration then the two examples below are helpful.

sudo logagent badbots.yaml /var/log/nginx/access.log --dry_run

OPTIONS

-h, --help : display help

-v, --version : display version

-l, --license : display license

-d, --dry_run : don't take any actions, instead write each action to standard out. This lets you capture them in a bash or Powershell script.

For more information see the following documentation pages.

About

A simple program to scan a log file for text tags and emit actions

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 2

Improved action handling Latest
Jan 24, 2025
+ 1 release

Packages

No packages published

Languages