commit 589f560137dff350bbf1755639a708e56593609a Author: sevi-kun Date: Mon Mar 2 23:11:45 2026 +0100 init
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..505a3b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+# Python-generated files
+__pycache__/
+*.py[oc]
+build/
+dist/
+wheels/
+*.egg-info
+
+# Virtual environments
+.venv
diff --git a/.python-version b/.python-version
new file mode 100644
index 0000000..6324d40
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+3.14
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..389badf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,88 @@
+# nginx & naxsi to logbull
+
+This python project parses the logs from nginx and naxsi and sends them to logbull. To do this it uses the logbull api and follows the nginx combined log format.
+
+## logbull sample
+
+```python
+import time
+from logbull import LogBullLogger
+
+# Initialize logger
+logger = LogBullLogger(
+ host="http://192.168.0.252:4005",
+ project_id="778e67d7-5ec6-4c48-b199-cfbded605557",
+)
+
+# Log messages (printed to console AND sent to LogBull)
+logger.info("User logged in successfully", fields={
+ "user_id": "12345",
+ "username": "john_doe",
+ "ip": "192.168.1.100"
+})
+
+# With context
+session_logger = logger.with_context({
+ "session_id": "sess_abc123",
+ "user_id": "user_456"
+})
+
+session_logger.info("Processing request", fields={
+ "action": "purchase"
+})
+
+# We need to wait a bit in short-living scripts when logs
+# received by Log Bull. This is not needed in production
+logger.flush()
+time.sleep(3)
+```
+
+## Sample logs
+
+```
+root@ov-9180d2:~# tail /var/log/nginx/access.log
+45.153.34.68 - - [02/Mar/2026:21:22:38 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0"
+45.153.34.68 - - [02/Mar/2026:21:22:38 +0000] "POST / HTTP/1.1" 444 0 "-" "Mozilla/5.0"
+176.65.134.20 - - [02/Mar/2026:21:30:25 +0000] "PROPFIND / HTTP/1.1" 444 0 "http://89.47.50.242:443/" "-"
+176.65.149.233 - - [02/Mar/2026:21:34:35 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/1.0"
+176.65.148.66 - - [02/Mar/2026:21:41:20 +0000] "HEAD / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org )"
+20.64.104.237 - - [02/Mar/2026:21:48:03 +0000] "GET /login HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"
+79.124.40.174 - - [02/Mar/2026:21:53:05 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+142.248.80.187 - - [02/Mar/2026:22:00:17 +0000] "GET / HTTP/1.0" 444 0 "-" "Shodan-Pull/1.0"
+80.66.83.43 - - [02/Mar/2026:22:05:39 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 0 "-" "-"
+45.194.92.25 - - [02/Mar/2026:22:08:40 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46"
+root@ov-9180d2:~# tail /var/log/nginx/access/jellyfin_nussnougate_net_access.log
+185.71.113.95 - - [02/Mar/2026:04:11:43 +0000] "GET /favicon.ico HTTP/1.1" 503 4508 "-" "Mozilla/5.0 (iPad; CPU OS 18_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Mobile/15E148 Safari/604.1"
+185.71.113.95 - - [02/Mar/2026:04:11:48 +0000] "GET /System/Info/Public HTTP/1.1" 503 73 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+185.71.113.95 - - [02/Mar/2026:04:11:48 +0000] "GET /System/Info/Public HTTP/1.1" 503 68 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+185.71.113.95 - - [02/Mar/2026:04:11:48 +0000] "GET /System/Info/Public HTTP/1.1" 503 73 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+185.71.113.95 - - [02/Mar/2026:04:11:50 +0000] "POST /Sessions/Playing/Progress HTTP/1.1" 503 68 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
+185.71.113.95 - - [02/Mar/2026:05:08:10 +0000] "GET /socket?api_key=a77d7b7b02f4486587562dbf0bc88ed6&deviceId=TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTVfNykgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBCcmF2ZS8xIFZlcnNpb24vMTguMS4xIFNhZmFyaS82MDUuMS4xNXwxNzcyMTYzNjIxNDk1 HTTP/1.1" 101 35233 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+71.6.134.232 - - [02/Mar/2026:07:20:00 +0000] "GET /touchicon.f5bbb798cb2c65908633.png HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
+192.253.248.11 - - [02/Mar/2026:14:13:56 +0000] "GET / HTTP/1.1" 403 398 "http://jellyfin.nussnougate.net//.git/HEAD" "Go-http-client/1.1"
+62.12.134.6 - - [02/Mar/2026:17:28:27 +0000] "GET /socket?api_key=f6485020938e4243b5ccbf62db6d5743&deviceId=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjoxNDYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xNDYuMHwxNzY2MTA2ODM1NzQz HTTP/1.1" 101 4171 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:148.0) Gecko/20100101 Firefox/148.0"
+185.19.123.118 - - [02/Mar/2026:17:55:11 +0000] "GET /socket?api_key=1f19a111fdbe41d28ebbcd7f659a32c8&deviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOS4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3Mjg2NzE5MjAxMTI1 HTTP/1.1" 101 5521 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
+root@ov-9180d2:~# tail /var/log/nginx/error/jellyfin_nussnougate_net_error.log
+2026/03/02 04:11:13 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:21 [error] 1083281#1083281: *3383437 connect() failed (113: No route to host) while connecting to upstream, client: 185.143.100.163, server: jellyfin.nussnougate.net, request: "GET / HTTP/1.1", upstream: "http://192.168.100.101:8096/", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:21 [error] 1083281#1083281: *3381108 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:21 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:33 [error] 1083281#1083281: *3381108 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:33 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:42 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:42 [error] 1083281#1083281: *3383470 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "GET /web/ HTTP/1.1", upstream: "http://192.168.100.101:8096/web/", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:42 [error] 1083281#1083281: *3383472 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "GET /web/serviceworker.js HTTP/1.1", upstream: "http://192.168.100.101:8096/web/serviceworker.js", host: "jellyfin.nussnougate.net", referrer: ""
+2026/03/02 14:13:56 [error] 1083281#1083281: *3426455 {"ip":"192.253.248.11","server":"jellyfin.nussnougate.net","uri":"/","config":"block","rid":"a3da57ce31e7a5489d0625abe261f6e0","cscore0":"$UWA","score0":8,"zone0":"HEADERS","id0":10000034,"var_name0":"user-agent"}, client: 192.253.248.11, server: jellyfin.nussnougate.net, request: "GET / HTTP/1.1", host: "jellyfin.nussnougate.net", referrer: "http://jellyfin.nussnougate.net//.git/HEAD"
+root@ov-9180d2:~# tail /var/log/nginx/error.log
+2026/03/02 12:38:34 [crit] 1083281#1083281: *3419261 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.34.178.101, server: 0.0.0.0:443
+2026/03/02 13:29:38 [crit] 1083281#1083281: *3423182 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 161.35.149.67, server: 0.0.0.0:443
+2026/03/02 13:52:16 [crit] 1083281#1083281: *3424723 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 14:26:22 [crit] 1083281#1083281: *3427277 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.34.178.101, server: 0.0.0.0:443
+2026/03/02 14:30:52 [crit] 1083281#1083281: *3427554 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 15:03:04 [crit] 1083281#1083281: *3429741 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 18:12:09 [crit] 1083281#1083281: *3438318 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.34.178.101, server: 0.0.0.0:443
+2026/03/02 18:19:32 [crit] 1083281#1083281: *3438599 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 19:06:30 [crit] 1083281#1083281: *3440094 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 123.6.49.36, server: 0.0.0.0:443
+2026/03/02 19:21:28 [crit] 1083281#1083281: *3440617 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 123.6.49.9, server: 0.0.0.0:443
+```
+
diff --git a/main.py b/main.py
new file mode 100644
index 0000000..96fefbe
--- /dev/null
+++ b/main.py
@@ -0,0 +1,6 @@
+def main():
+ print("Hello from proxy-to-logbull!")
+
+
+if __name__ == "__main__":
+ main()
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..4388637
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,9 @@
+[project]
+name = "proxy-to-logbull"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.14"
+dependencies = [
+ "logbull>=0.9.0",
+]
diff --git a/uv.lock b/uv.lock
new file mode 100644
index 0000000..47868ef
--- /dev/null
+++ b/uv.lock
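Review bot: The "Sample logs" section of README.md is pasted unredacted: three lines of the jellyfin access-log sample carry a full `api_key=` query value with its `deviceId`, and the samples also keep real client addresses, the public hostname and the internal upstream `192.168.100.101:8096`. Replace these with marked placeholders, for example `api_key=<redacted>`, a documentation address such as `192.0.2.10`, and `example.net`. If the three keys are live tokens, treat them as exposed and revoke them, because editing the README later does not remove them from this commit's history. The `project_id` in the logbull sample deserves the same treatment if it identifies the real project, and the sample sends logs to a plain `http://` host, which is worth a one-line caveat given that the shipped lines can contain tokens like these.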
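Review bot: In pyproject.toml, `"logbull>=0.9.0"` has no upper bound, so any later release of this 0.x package is accepted wherever the lock file is not used, and the package will be handed raw request logs. Cap it, e.g. `"logbull>=0.9.0,<0.10"`, and install with `uv sync --locked` so that the versions and hashes recorded in uv.lock are the ones installed. Separately, `description = "Add your description here"` is still the template placeholder and should state what the project does.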
@@ -0,0 +1,23 @@ +version = 1 +revision = 3 +requires-python = ">=3.14" + +[[package]] +name = "logbull" +version = "0.9.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/12/ba/c248286f158c41633c62f61acce72d2be29892d8d5ee909eef9310a898a5/logbull-0.9.0.tar.gz", hash = "sha256:ffa037abeb2351dd24f83ebbfbf715e1144aa83c1ee62912fe67eba6e7547c31", size = 36097, upload-time = "2025-10-25T11:40:36.571Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/00/63/36038493ee4da46a6d25c3279bffb1ae387f501c83f84bddfb5cbb9b447e/logbull-0.9.0-py3-none-any.whl", hash = "sha256:add6baa3ef60f329adc49c9b6a75ea1a3515cc4c43c5542c439fec26be72a82e", size = 24642, upload-time = "2025-10-25T11:40:35.547Z" }, +] + +[[package]] +name = "proxy-to-logbull" +version = "0.1.0" +source = { virtual = "." } +dependencies = [ + { name = "logbull" }, +] + +[package.metadata] +requires-dist = [{ name = "logbull", specifier = ">=0.9.0" }]