| Field | Value |
|---|---|
| title | Log Agent, rationale and how it works |
| author | R. S. Doiel |
| institute | Caltech Library, Digital Library Development |
| description | Caltech Library Digital Development Group presentation |
| createDate | 2025-01-24 |
| updateDate | 2025-01-24 |
| pubDate | TBD |
| place | TBD |
| date | 2025-01-24 |

Why Log Agent?
- fail2ban is very capable
- fail2ban became challenging to use for simple things
- Caltech Library gets pounded by unruly spiders and bots
- They are usually easy to spot in the log using a unique string
- Creating/updating fail2ban filters became a time sink
Solution: use something simpler alongside fail2ban.
- A very simple YAML file defines a list of objects, each with a "tag" and an "action"
- Log Agent reads in a log, finds the tags, then applies the matching action
- A list of objects
- Each object contains a tag and action attribute
- The tag is the string to search for
- The action is the command to execute
- {ipaddress} can be used for the IP address found in the log line
Search for "BadBot" and ban it with iptables.

```yaml
- tag: BadBot
  action: |
    sudo iptables -A INPUT -p tcp -m multiport
    --dports 80,443 -s {ipaddress} -j DROP
```
- YAML configuration: badbot.yaml
- Log file at /var/log/nginx/access.log

```shell
sudo logagent badbot.yaml /var/log/nginx/access.log
```

For each IP address identified on a tagged log line, the action will be executed. Given the example action, that means the IP addresses associated with log lines containing "BadBot" are banned from connecting to ports 80 and 443.
Log Agent is an experimental "proof of concept" simple log processor written in TypeScript and compiled with Deno into a standalone executable. It is a naive tool, so take care with the action you assign to a tag.
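
The tag-and-action flow described above, as an added dry-run sketch; it is not Log Agent's own code. It assumes the client address is the first field of each log line (nginx combined format). The names `Rule`, `isIPv4`, `planActions` and the `neverBan` list are hypothetical. It returns the commands that would run instead of executing them, which is a way to check a rule file against a real log before trusting it with iptables.

```typescript
// Added example, not Log Agent's own code. Rule mirrors the tag/action objects in the YAML above.
type Rule = { tag: string; action: string };

// Strict dotted-quad check so only a well-formed IPv4 address ever reaches the command.
function isIPv4(s: string): boolean {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Dry run: return the argv each match would execute, one per (rule, address) pair.
// Assumption: the client address is the first field of the line (nginx combined format).
function planActions(rules: Rule[], lines: string[], neverBan: string[] = []): string[][] {
  const planned: string[][] = [];
  const seen = new Set<string>();
  for (const line of lines) {
    const ip = line.split(" ", 1)[0] ?? "";
    if (!isIPv4(ip) || neverBan.includes(ip)) continue; // malformed or protected address
    for (const rule of rules) {
      const key = rule.tag + "\u0000" + ip;
      if (!line.includes(rule.tag) || seen.has(key)) continue; // no tag, or already planned
      seen.add(key);
      // Tokenise the template first, then substitute, so the address stays one argument.
      const argv = rule.action.trim().split(/\s+/)
        .map((tok) => tok.split("{ipaddress}").join(ip));
      planned.push(argv);
    }
  }
  return planned;
}

// Constructed sample input (documentation addresses from RFC 5737).
const sampleRules: Rule[] = [{
  tag: "BadBot",
  action: "sudo iptables -A INPUT -p tcp -m multiport\n--dports 80,443 -s {ipaddress} -j DROP",
}];
const sampleLog: string[] = [
  '203.0.113.7 - - [24/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "BadBot/1.0"',
  '203.0.113.7 - - [24/Jan/2025:10:00:01 +0000] "GET /a HTTP/1.1" 200 512 "-" "BadBot/1.0"',
  '198.51.100.9 - - [24/Jan/2025:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '192.0.2.10 - - [24/Jan/2025:10:00:03 +0000] "GET /health HTTP/1.1" 200 2 "-" "BadBot probe"',
  '203.0.113.999 - - [24/Jan/2025:10:00:04 +0000] "GET / HTTP/1.1" 200 1 "-" "BadBot/1.0"',
];
for (const argv of planActions(sampleRules, sampleLog, ["192.0.2.10"])) {
  console.log(argv.join(" "));
}
```

The tag is matched anywhere on the line, including client-supplied fields such as the User-Agent, so any client can trigger a rule; the `neverBan` list keeps addresses like a monitoring host out of the drop rules.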
- GitHub Repository, https://github.com/caltechlibrary/logagent
- Website, https://caltechlibrary.github.io/logagent
- This presentation, https://caltechlibrary.github.io/logagent/presentations/presentation1.html