init
88
README.md
Normal file
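--- a/README.md
+++ b/README.md
@@ -0,0 +1,88 @@
+# nginx & naxsi to logbull
+
+This python project parses the logs from nginx and naxsi and sends them to logbull. To do this it uses the logbull api and follows the nginx combined log format.
+
+## logbull sample
+
+```python
+import time
+from logbull import LogBullLogger
+
+# Initialize logger
+logger = LogBullLogger(
+host="http://192.168.0.252:4005",
+project_id="778e67d7-5ec6-4c48-b199-cfbded605557",
+)
+
+# Log messages (printed to console AND sent to LogBull)
+logger.info("User logged in successfully", fields={
+"user_id": "12345",
+"username": "john_doe",
+"ip": "192.168.1.100"
+})
+
+# With context
+session_logger = logger.with_context({
+"session_id": "sess_abc123",
+"user_id": "user_456"
+})
+
+session_logger.info("Processing request", fields={
+"action": "purchase"
+})
+
+# We need to wait a bit in short-living scripts when logs
+# received by Log Bull. This is not needed in production
+logger.flush()
+time.sleep(3)
+```
+
+## Sample logs
+
+```
+root@ov-9180d2:~# tail /var/log/nginx/access.log
+45.153.34.68 - - [02/Mar/2026:21:22:38 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0"
+45.153.34.68 - - [02/Mar/2026:21:22:38 +0000] "POST / HTTP/1.1" 444 0 "-" "Mozilla/5.0"
+176.65.134.20 - - [02/Mar/2026:21:30:25 +0000] "PROPFIND / HTTP/1.1" 444 0 "http://89.47.50.242:443/" "-"
+176.65.149.233 - - [02/Mar/2026:21:34:35 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/1.0"
+176.65.148.66 - - [02/Mar/2026:21:41:20 +0000] "HEAD / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org )"
+20.64.104.237 - - [02/Mar/2026:21:48:03 +0000] "GET /login HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"
+79.124.40.174 - - [02/Mar/2026:21:53:05 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+142.248.80.187 - - [02/Mar/2026:22:00:17 +0000] "GET / HTTP/1.0" 444 0 "-" "Shodan-Pull/1.0"
+80.66.83.43 - - [02/Mar/2026:22:05:39 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 0 "-" "-"
+45.194.92.25 - - [02/Mar/2026:22:08:40 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46"
+root@ov-9180d2:~# tail /var/log/nginx/access/jellyfin_nussnougate_net_access.log
+185.71.113.95 - - [02/Mar/2026:04:11:43 +0000] "GET /favicon.ico HTTP/1.1" 503 4508 "-" "Mozilla/5.0 (iPad; CPU OS 18_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Mobile/15E148 Safari/604.1"
+185.71.113.95 - - [02/Mar/2026:04:11:48 +0000] "GET /System/Info/Public HTTP/1.1" 503 73 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+185.71.113.95 - - [02/Mar/2026:04:11:48 +0000] "GET /System/Info/Public HTTP/1.1" 503 68 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+185.71.113.95 - - [02/Mar/2026:04:11:48 +0000] "GET /System/Info/Public HTTP/1.1" 503 73 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+185.71.113.95 - - [02/Mar/2026:04:11:50 +0000] "POST /Sessions/Playing/Progress HTTP/1.1" 503 68 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
+185.71.113.95 - - [02/Mar/2026:05:08:10 +0000] "GET /socket?api_key=a77d7b7b02f4486587562dbf0bc88ed6&deviceId=TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTVfNykgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBCcmF2ZS8xIFZlcnNpb24vMTguMS4xIFNhZmFyaS82MDUuMS4xNXwxNzcyMTYzNjIxNDk1 HTTP/1.1" 101 35233 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Brave/1 Version/18.1.1 Safari/605.1.15"
+71.6.134.232 - - [02/Mar/2026:07:20:00 +0000] "GET /touchicon.f5bbb798cb2c65908633.png HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
+192.253.248.11 - - [02/Mar/2026:14:13:56 +0000] "GET / HTTP/1.1" 403 398 "http://jellyfin.nussnougate.net//.git/HEAD" "Go-http-client/1.1"
+62.12.134.6 - - [02/Mar/2026:17:28:27 +0000] "GET /socket?api_key=f6485020938e4243b5ccbf62db6d5743&deviceId=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjoxNDYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xNDYuMHwxNzY2MTA2ODM1NzQz HTTP/1.1" 101 4171 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:148.0) Gecko/20100101 Firefox/148.0"
+185.19.123.118 - - [02/Mar/2026:17:55:11 +0000] "GET /socket?api_key=1f19a111fdbe41d28ebbcd7f659a32c8&deviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOS4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3Mjg2NzE5MjAxMTI1 HTTP/1.1" 101 5521 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
+root@ov-9180d2:~# tail /var/log/nginx/error/jellyfin_nussnougate_net_error.log
+2026/03/02 04:11:13 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:21 [error] 1083281#1083281: *3383437 connect() failed (113: No route to host) while connecting to upstream, client: 185.143.100.163, server: jellyfin.nussnougate.net, request: "GET / HTTP/1.1", upstream: "http://192.168.100.101:8096/", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:21 [error] 1083281#1083281: *3381108 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:21 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:33 [error] 1083281#1083281: *3381108 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:33 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:42 [error] 1083281#1083281: *3381930 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "POST /Sessions/Playing/Progress HTTP/1.1", upstream: "http://192.168.100.101:8096/Sessions/Playing/Progress", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:42 [error] 1083281#1083281: *3383470 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "GET /web/ HTTP/1.1", upstream: "http://192.168.100.101:8096/web/", host: "jellyfin.nussnougate.net"
+2026/03/02 04:11:42 [error] 1083281#1083281: *3383472 connect() failed (113: No route to host) while connecting to upstream, client: 185.71.113.95, server: jellyfin.nussnougate.net, request: "GET /web/serviceworker.js HTTP/1.1", upstream: "http://192.168.100.101:8096/web/serviceworker.js", host: "jellyfin.nussnougate.net", referrer: ""
+2026/03/02 14:13:56 [error] 1083281#1083281: *3426455 {"ip":"192.253.248.11","server":"jellyfin.nussnougate.net","uri":"/","config":"block","rid":"a3da57ce31e7a5489d0625abe261f6e0","cscore0":"$UWA","score0":8,"zone0":"HEADERS","id0":10000034,"var_name0":"user-agent"}, client: 192.253.248.11, server: jellyfin.nussnougate.net, request: "GET / HTTP/1.1", host: "jellyfin.nussnougate.net", referrer: "http://jellyfin.nussnougate.net//.git/HEAD"
+root@ov-9180d2:~# tail /var/log/nginx/error.log
+2026/03/02 12:38:34 [crit] 1083281#1083281: *3419261 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.34.178.101, server: 0.0.0.0:443
+2026/03/02 13:29:38 [crit] 1083281#1083281: *3423182 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 161.35.149.67, server: 0.0.0.0:443
+2026/03/02 13:52:16 [crit] 1083281#1083281: *3424723 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 14:26:22 [crit] 1083281#1083281: *3427277 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.34.178.101, server: 0.0.0.0:443
+2026/03/02 14:30:52 [crit] 1083281#1083281: *3427554 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 15:03:04 [crit] 1083281#1083281: *3429741 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 18:12:09 [crit] 1083281#1083281: *3438318 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.34.178.101, server: 0.0.0.0:443
+2026/03/02 18:19:32 [crit] 1083281#1083281: *3438599 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 5.181.27.147, server: 0.0.0.0:443
+2026/03/02 19:06:30 [crit] 1083281#1083281: *3440094 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 123.6.49.36, server: 0.0.0.0:443
+2026/03/02 19:21:28 [crit] 1083281#1083281: *3440617 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 123.6.49.9, server: 0.0.0.0:443
+```
+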
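Review bot: The "Sample logs" block is pasted unredacted: the three `GET /socket?api_key=…` lines from the Jellyfin access log carry full `api_key` and `deviceId` values, and the block also publishes the server hostname, the internal upstream address and real client IPs. Anyone who can read the repository can read those tokens, so they should be treated as exposed and revoked in Jellyfin, and the README should show constructed placeholders instead, e.g. `GET /socket?api_key=<REDACTED>&deviceId=<REDACTED> HTTP/1.1` with documentation-range addresses. These lines also show that the parser will meet secrets in query strings, so the README should state whether the request URI is scrubbed before it is sent to logbull. The `project_id` and `host` in the logbull sample look like real deployment values as well and could be shown as placeholders.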