feat: Add UFW log monitoring

- Added a new function `get_ufw_logs` to monitor `/var/log/ufw.log`.
- Added a new table `ufw_logs` to the database to store UFW log data.
- Updated `analyze_data_locally` to detect anomalies in UFW logs (high number of blocked connections).
- Integrated the new functionality into the main monitoring loop.
2025-09-15 13:22:37 -05:00
parent 0f0bdd2da7
commit 12e6ba0135
6 changed files with 73 additions and 876 deletions
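As an added illustration of the detection described in the commit message (example code written for this page, not the project's own `get_ufw_logs` or `analyze_data_locally`): it parses lines in UFW's kernel-log format, counts `[UFW BLOCK]` entries per source address, flags sources above a threshold in the same anomaly shape the log output below shows, and splits the resulting alert so that no piece exceeds the 2000-character Discord content limit reported by the 400 response in the log. The sample log lines, the threshold of 10 and all function names are constructed assumptions.

```python
import re
from collections import Counter

# "[UFW BLOCK]" / "[UFW ALLOW]" / "[UFW AUDIT INVALID]" followed (somewhere) by SRC=<addr>
ACTION_SRC_RE = re.compile(r"\[UFW (?P<action>[A-Z]+(?: [A-Z]+)?)\].*?\bSRC=(?P<src>[0-9A-Fa-f.:]+)")
# Netfilter key=value fields we keep for context
FIELD_RE = re.compile(r"\b(PROTO|DPT)=(\S+)")


def constructed_log_lines():
    """Constructed sample lines in UFW's kernel-log format (not taken from any real host)."""
    template = ("Sep 15 13:20:{sec:02d} host kernel: [UFW {action}] IN=eth0 OUT= "
                "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=192.0.2.5 "
                "LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT={spt} DPT={dpt} "
                "WINDOW=1024 RES=0x00 SYN URGP=0")
    lines = []
    # 12 blocked SYNs from one source across a spread of ports: the pattern to flag
    for i in range(12):
        lines.append(template.format(sec=i, action="BLOCK", src="203.0.113.10", spt=40000 + i, dpt=20 + i))
    # 2 blocks from a second source: below the threshold
    for i in range(2):
        lines.append(template.format(sec=20 + i, action="BLOCK", src="198.51.100.7", spt=51000 + i, dpt=22))
    # an allowed connection and an audit entry, which must not count as blocks
    lines.append(template.format(sec=30, action="ALLOW", src="198.51.100.7", spt=51002, dpt=443))
    lines.append(template.format(sec=31, action="AUDIT", src="203.0.113.10", spt=40020, dpt=80))
    # an unrelated kernel line and a truncated UFW line, both of which the parser must skip
    lines.append("Sep 15 13:20:32 host kernel: eth0: link up")
    lines.append("Sep 15 13:20:33 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=")
    return lines


def parse_ufw_line(line):
    """Return {action, src, proto, dpt} for a UFW log line, or None if it is not one."""
    m = ACTION_SRC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    return {
        "action": m.group("action"),
        "src": m.group("src"),
        "proto": fields.get("PROTO"),
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
    }


def count_blocked_by_source(lines):
    """Count [UFW BLOCK] entries per source address; ALLOW/AUDIT lines are ignored."""
    counts = Counter()
    for line in lines:
        rec = parse_ufw_line(line)
        if rec and rec["action"] == "BLOCK":
            counts[rec["src"]] += 1
    return counts


def detect_blocked_anomalies(lines, threshold=10):
    """Flag sources with at least `threshold` blocks (threshold is an assumed value), most active first."""
    anomalies = []
    for src, n in count_blocked_by_source(lines).most_common():
        if n >= threshold:
            anomalies.append({"severity": "high",
                              "reason": f"High number of blocked connections ({n}) from IP address: {src}"})
    return anomalies


def build_alert_text(anomalies):
    """One line per anomaly, so the chunker below can split on line boundaries."""
    header = f"Detected {len(anomalies)} anomalies:\n"
    return header + "".join(f"- [{a['severity']}] {a['reason']}\n" for a in anomalies)


def split_for_discord(text, limit=2000):
    """Split alert text into pieces of at most `limit` characters, cutting on line breaks when possible."""
    chunks, current = [], ""
    for line in text.splitlines(keepends=True):
        while len(line) > limit:  # a single over-long line has to be hard-cut
            if current:
                chunks.append(current)
                current = ""
            chunks.append(line[:limit])
            line = line[limit:]
        if len(current) + len(line) > limit:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    return chunks


if __name__ == "__main__":
    found = detect_blocked_anomalies(constructed_log_lines())
    for piece in split_for_discord(build_alert_text(found)):
        print(piece, end="")
```

Posting each piece returned by `split_for_discord` as its own message, and treating any non-2xx response as a failed delivery rather than logging it and moving on, keeps a long LLM summary from silently dropping the Discord channel while the other channels still fire.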

@@ -468,3 +468,11 @@
2025-09-15 13:05:10,695 - DEBUG - __main__ - Exiting analyze_data_locally
2025-09-15 13:05:10,695 - DEBUG - __main__ - Exiting run_monitoring_cycle
2025-09-15 13:05:10,695 - DEBUG - __main__ - Exiting main
2025-09-15 13:21:41,948 - INFO - Running in test mode...
2025-09-15 13:21:41,949 - INFO - Running monitoring cycle...
2025-09-15 13:21:44,096 - WARNING - Nmap -sS scan requires root privileges. Falling back to -sT.
2025-09-15 13:21:56,641 - INFO - Detected 9 anomalies: [{'severity': 'high', 'reason': 'High number of blocked connections (1477) from IP address: 23.28.198.165'}, {'severity': 'high', 'reason': 'High number of blocked connections (33) from IP address: 84.252.134.217'}, {'severity': 'high', 'reason': 'High number of blocked connections (140) from IP address: 51.250.10.6'}, {'severity': 'high', 'reason': 'High number of blocked connections (48) from IP address: 158.160.20.113'}, {'severity': 'high', 'reason': 'High number of blocked connections (13) from IP address: 182.93.50.90'}, {'severity': 'high', 'reason': 'High number of blocked connections (82) from IP address: 172.22.0.2'}, {'severity': 'high', 'reason': 'High number of blocked connections (591) from IP address: 192.168.2.117'}, {'severity': 'high', 'reason': 'High number of blocked connections (12) from IP address: 172.23.0.2'}, {'severity': 'high', 'reason': 'High number of blocked connections (11) from IP address: 192.168.2.104'}]
2025-09-15 13:21:56,642 - INFO - Generating LLM report...
2025-09-15 13:22:04,084 - INFO - LLM Response: {'severity': 'high', 'reason': 'High number of blocked connections detected from multiple IP addresses: 23.28.198.165 (1477), 84.252.134.217 (33), 51.250.10.6 (140), 158.160.20.113 (48), 182.93.50.90 (13), 172.22.0.2 (82), 192.168.2.117 (591), 172.23.0.2 (12), and 192.168.2.104 (11). This indicates a potential coordinated attack or misconfigured system.'}
2025-09-15 13:22:04,982 - ERROR - Error sending Discord alert: 400 - b'{"content": ["Must be 2000 or fewer in length."]}'
2025-09-15 13:22:11,390 - INFO - Google Home alert sent successfully.
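Review bot: the `ERROR - Error sending Discord alert: 400 - ... "Must be 2000 or fewer in length."` line shows the Discord channel silently losing the very alert this feature exists to raise, because the LLM summary built from nine anomalies exceeds Discord's 2000-character content limit; the sender should truncate or split the message before posting and should treat a non-2xx response as a failed delivery rather than continuing as if the cycle succeeded (only the Google Home alert went out). Two smaller points from the same lines: the anomaly list flags private-range sources (172.22.0.2, 172.23.0.2, 192.168.2.104, 192.168.2.117) alongside external ones, several of them at counts of 11 to 13, so the threshold looks low and an allowlist or separate handling for internal ranges is worth considering; and this hunk appends runtime log output, including the observed source addresses, to a file tracked in the repository, which is usually better ignored than committed.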