diff --git a/.gitignore b/.gitignore index ba9b705..cd3db79 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ GEMINI.md PROGRESS.md -SPEC.md \ No newline at end of file diff --git a/CONSTRAINTS.md b/CONSTRAINTS.md new file mode 100644 index 0000000..efb6b8d --- /dev/null +++ b/CONSTRAINTS.md @@ -0,0 +1,7 @@ +## LLM Constraints and Guidelines + +- Do not flag minor fluctuations in network Round Trip Time (RTT) as anomalies. These are considered normal network variance. +- Prioritize security-related events such as failed login attempts, unauthorized access, or unusual network connections. +- Focus on events indicating loss of connectivity or unreachable hosts. +- Highlight any unexpected network additions or unusual traffic patterns. +- The DNS server 8.8.8.8 is Google's public DNS server and is a legitimate destination. Do not flag requests to 8.8.8.8 as anomalous. \ No newline at end of file diff --git a/README.md b/README.md index c8a9267..4cf56dc 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,9 @@ The script will start a continuous monitoring loop. Every 5 minutes, it will: 1. Collect simulated system and network data. 2. Send the data to the local LLM for analysis. -3. If the LLM detects an anomaly, it will send an alert to your configured Discord channel and broadcast a message to your Google Home speaker via Home Assistant. +3. If the LLM detects a **high-severity** anomaly, it will send an alert to your configured Discord channel and broadcast a message to your Google Home speaker via Home Assistant. +4. At the time specified in `DAILY_RECAP_TIME`, a summary of all anomalies for the day will be sent to the Discord channel. The script will print its status and any detected anomalies to the console. + +**Note on Mock Data:** The current version of the script uses mock data for system logs and network metrics. To use this in a real-world scenario, you would need to replace the mock data with actual data from your systems. diff --git a/SPEC.md b/SPEC.md new file mode 100644 index 0000000..c299410 --- /dev/null +++ b/SPEC.md @@ -0,0 +1,86 @@ +# Project Specification: LLM-Powered Monitoring Agent + +## 1. Project Goal + +The primary goal of this project is to develop a self-contained Python script, `monitor_agent.py`, that functions as a monitoring agent. This agent will collect system and network data, use a locally hosted Large Language Model (LLM) to analyze the data for anomalies, and send alerts through Discord and Home Assistant if an anomaly is detected. + +## 2. Core Components + +The project will be composed of the following files: + +- **`monitor_agent.py`**: The main Python script containing the core logic for data collection, analysis, and alerting. +- **`config.py`**: A configuration file to store sensitive information and settings, such as API keys and URLs. +- **`requirements.txt`**: A file listing all the necessary Python libraries for the project. +- **`README.md`**: A documentation file providing an overview of the project, setup instructions, and usage examples. +- **`.gitignore`**: A file to specify which files and directories should be ignored by Git. +- **`PROGRESS.md`**: A file to track the development progress of the project. + +## 3. Functional Requirements + +### 3.1. Configuration + +- The agent must load configuration from `config.py`. +- The configuration shall include placeholders for: + - `DISCORD_WEBHOOK_URL` + - `HOME_ASSISTANT_URL` + - `HOME_ASSISTANT_TOKEN` + - `GOOGLE_HOME_SPEAKER_ID` + - `DAILY_RECAP_TIME` + +### 3.2. Data Ingestion and Parsing + +- The agent must be able to collect and parse system logs. +- The agent must be able to collect and parse network metrics. +- The parsing of this data should result in a structured format (JSON or Python dictionary). + +### 3.3. LLM Analysis + +- The agent must use a local LLM (via Ollama) to analyze the collected data. +- The agent must construct a specific prompt to guide the LLM in identifying anomalies. +- The LLM's response will be either "OK" (no anomaly) or a natural language paragraph describing the anomaly, including a severity level (high, medium, low). + +### 3.4. Alerting + +- The agent must be able to send alerts to a Discord webhook. +- The agent must be able to trigger a text-to-speech (TTS) alert on a Google Home speaker via Home Assistant. + +### 3.5. Alerting Logic + +- Immediate alerts (Discord and Home Assistant) will only be sent for "high" severity anomalies. +- A daily recap of all anomalies (high, medium, and low) will be sent at a configurable time. + +### 3.6. Main Loop + +- The agent will run in a continuous loop. +- The loop will execute the data collection, analysis, and alerting steps periodically. +- The frequency of the monitoring loop will be configurable. + +## 4. Future Features + +- **4.1. Data Storage and Averaging**: Store historical system data to calculate baseline averages for more accurate anomaly detection. + +## 5. Technical Requirements + +- **Language**: Python 3.8+ +- **LLM**: `llama3.1:8b` running on a local Ollama instance. +- **Libraries**: + - `ollama` + - `discord-webhook` + - `requests` + - `syslog-rfc5424-parser` + - `apachelogs` + - `jc` + +## 6. Project Structure + +``` +/ +├── .gitignore +├── config.py +├── monitor_agent.py +├── PROMPT.md +├── README.md +├── requirements.txt +├── PROGRESS.md +└── SPEC.md +``` \ No newline at end of file diff --git a/__pycache__/config.cpython-313.pyc b/__pycache__/config.cpython-313.pyc index ed5a8a2..b0f9466 100644 Binary files a/__pycache__/config.cpython-313.pyc and b/__pycache__/config.cpython-313.pyc differ diff --git a/config.py b/config.py index 51221b9..aab66e9 100644 --- a/config.py +++ b/config.py @@ -1,14 +1,15 @@ -# Configuration for the Monitor Agent +# Configuration for the LLM-Powered Monitoring Agent -# Discord Webhook URL for alerts -DISCORD_WEBHOOK_URL = "https://discord.com/api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn" +# Discord Webhook URL +DISCORD_WEBHOOK_URL = "" # Home Assistant Configuration -HOME_ASSISTANT_URL = "http://192.168.2.112:8123" -HOME_ASSISTANT_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MGRhNGIxM2M3YzI0NzUxYTNjMTA1ZjhjNGZhMGE5MCIsImlhdCI6MTc1NTI4NTY1OSwiZXhwIjoyMDcwNjQ1NjU5fQ.QTW0-WlwEFi5dZPPqpNotJNYY6KVdY6aloT70Z8EK_U" +HOME_ASSISTANT_URL = "http://:8123" +HOME_ASSISTANT_TOKEN = "" +GOOGLE_HOME_SPEAKER_ID = "media_player.your_speaker_entity_id" -# Google Home Speaker Entity ID in Home Assistant -GOOGLE_HOME_SPEAKER_ID = "media_player.nestmini2138" +# Daily Recap Time (in 24-hour format, e.g., "20:00") +DAILY_RECAP_TIME = "20:00" -# Ollama Host -OLLAMA_HOST = "http://192.168.2.114:11434" \ No newline at end of file +# Test Mode (True to run once and exit, False to run continuously) +TEST_MODE = True diff --git a/data_storage.py b/data_storage.py new file mode 100644 index 0000000..79b52dc --- /dev/null +++ b/data_storage.py @@ -0,0 +1,59 @@ +# Data Storage for the LLM-Powered Monitoring Agent + +import json + +DATA_FILE = "historical_data.json" + +def store_data(data): + """Stores data in a JSON file.""" + try: + with open(DATA_FILE, 'r+') as f: + try: + historical_data = json.load(f) + except json.JSONDecodeError: + historical_data = [] + historical_data.append(data) + f.seek(0) + json.dump(historical_data, f, indent=2) + except FileNotFoundError: + with open(DATA_FILE, 'w') as f: + json.dump([data], f, indent=2) + +def get_historical_data(): + """Retrieves historical data from the JSON file.""" + try: + with open(DATA_FILE, 'r') as f: + return json.load(f) + except (FileNotFoundError, json.JSONDecodeError): + return [] + +def calculate_baselines(): + """Calculates baseline averages for network metrics.""" + historical_data = get_historical_data() + if not historical_data: + return None + + # Calculate average network metrics + total_packets_transmitted = 0 + total_packets_received = 0 + total_packet_loss_percent = 0 + total_round_trip_ms_avg = 0 + count = 0 + + for data in historical_data: + if "network_metrics" in data and data["network_metrics"]: + total_packets_transmitted += data["network_metrics"].get("packets_transmitted", 0) or 0 + total_packets_received += data["network_metrics"].get("packets_received", 0) or 0 + total_packet_loss_percent += data["network_metrics"].get("packet_loss_percent", 0) or 0 + total_round_trip_ms_avg += data["network_metrics"].get("round_trip_ms_avg", 0) or 0 + count += 1 + + if count == 0: + return None + + return { + "avg_packets_transmitted": total_packets_transmitted / count, + "avg_packets_received": total_packets_received / count, + "avg_packet_loss_percent": total_packet_loss_percent / count, + "avg_round_trip_ms_avg": total_round_trip_ms_avg / count, + } diff --git a/monitor_agent.log b/monitor_agent.log index 87d65ee..6236f0b 100644 --- a/monitor_agent.log +++ b/monitor_agent.log @@ -23,3 +23,1145 @@ Report: 2025-08-15 14:44:56,885 - INFO - Discord alert sent. 2025-08-15 14:44:56,891 - INFO - Google Home alert sent. 2025-08-15 14:44:56,891 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:20:07,557 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:20:07,558 - INFO - System Logs: {'log': "Failed login attempt for user 'root' from 10.0.0.1"} +2025-08-15 15:20:09,582 - WARNING - Could not parse ping output with jc. Returning raw output. +2025-08-15 15:20:09,582 - INFO - Network Metrics: {'ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.3 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=17.0 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=18.5 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 17.002/17.619/18.507/0.643 ms\n'} +2025-08-15 15:20:09,582 - INFO - Combined Data: { + "system_logs": { + "log": "Failed login attempt for user 'root' from 10.0.0.1" + }, + "network_metrics": { + "ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.3 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=17.0 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=18.5 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 17.002/17.619/18.507/0.643 ms\n" + } +} +2025-08-15 15:20:23,526 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:20:23,527 - INFO - LLM Response: After analyzing the system and network data, I've identified an anomaly. + +The anomaly appears in the system logs where there was a failed login attempt for user 'root' from IP address 10.0.0.1. This could be indicative of a potential security breach or unauthorized access attempt. The severity of this anomaly is high due to the fact that it involves a privileged account and an external IP address, which may suggest malicious activity. + +I've reviewed the network metrics data, including the ping output to 8.8.8.8, and found no apparent issues with packet loss, latency, or other indicators of network problems. However, I must consider the possibility that the failed login attempt could be related to a network issue, such as a spoofed IP address or a compromised system on the same network. + +To mitigate this anomaly, it is recommended to investigate the source of the failed login attempt and review the system's access logs for any other suspicious activity. Additionally, administrators should ensure that all systems are running up-to-date software and firmware and implement additional security measures to prevent similar incidents in the future. +2025-08-15 15:20:23,527 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:20:24,023 - INFO - Discord alert sent. +2025-08-15 15:20:24,032 - INFO - Google Home alert sent. +2025-08-15 15:20:24,032 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:23:31,198 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:38.789739-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.789292972Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:22:38.789739-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.789292972Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\n' +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:38.800105-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.800013908Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:22:38.800105-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.800013908Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\n' +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:38.802615-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.802541824Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-15T15:22:38.802615-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.802541824Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\n' +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:38.802700-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.802587117Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-15T15:22:38.802700-05:00 homelab systembridge[1156]: 2025-08-15T20:22:38.802587117Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\n' +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:39.517834-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:22:39.517Z"} - Unable to parse message: '2025-08-15T15:22:39.517834-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:22:39.517Z"}\n' +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:49.522685-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:22:49.522Z"} - Unable to parse message: '2025-08-15T15:22:49.522685-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:22:49.522Z"}\n' +2025-08-15 15:23:31,383 - WARNING - Error parsing individual syslog line: 2025-08-15T15:22:59.527535-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:22:59.527Z"} - Unable to parse message: '2025-08-15T15:22:59.527535-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:22:59.527Z"}\n' +2025-08-15 15:23:31,384 - WARNING - Error parsing individual syslog line: 2025-08-15T15:23:09.531923-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:23:09.531Z"} - Unable to parse message: '2025-08-15T15:23:09.531923-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:23:09.531Z"}\n' +2025-08-15 15:23:31,384 - WARNING - Error parsing individual syslog line: 2025-08-15T15:23:19.536931-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:23:19.536Z"} - Unable to parse message: '2025-08-15T15:23:19.536931-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:23:19.536Z"}\n' +2025-08-15 15:23:31,384 - WARNING - Error parsing individual syslog line: 2025-08-15T15:23:29.538196-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:23:29.537Z"} - Unable to parse message: '2025-08-15T15:23:29.538196-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:23:29.537Z"}\n' +2025-08-15 15:23:31,384 - INFO - System Logs: [] +2025-08-15 15:23:33,409 - WARNING - Could not parse ping output with jc. Returning raw output. +2025-08-15 15:23:33,409 - INFO - Network Metrics: {'ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.0 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=19.7 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=19.3 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 19.002/19.322/19.653/0.265 ms\n'} +2025-08-15 15:23:33,410 - INFO - Combined Data: { + "system_logs": [], + "network_metrics": { + "ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.0 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=19.7 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=19.3 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 19.002/19.322/19.653/0.265 ms\n" + } +} +2025-08-15 15:23:42,028 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:23:42,029 - INFO - LLM Response: After analyzing the system and network data provided in JSON format, I have identified an anomaly. + +The anomaly is related to the ping output, where the time-to-live (TTL) value for each packet sent to 8.8.8.8 was consistently reported as 111, which is unusually high compared to typical TTL values of around 64 or lower. This could indicate a misconfigured routing table or an IP forwarding anomaly in the network. + +The potential cause of this anomaly is a possible issue with the system's configuration or a specific router setting along the path to 8.8.8.8 that is causing the excessive TTL value. The severity of this anomaly is considered medium, as it may indicate an underlying issue within the network but does not necessarily imply a high-risk security threat. + +Here is the report: + +"There is an unusual ping output anomaly where the time-to-live (TTL) value for packets sent to 8.8.8.8 consistently reports as 111, which could be indicative of a misconfigured routing table or IP forwarding issue within the network. This has a medium severity rating, suggesting that it requires further investigation to determine its cause and impact on system performance." +2025-08-15 15:23:42,029 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:23:42,227 - INFO - Discord alert sent. +2025-08-15 15:23:42,239 - INFO - Google Home alert sent. +2025-08-15 15:23:42,239 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:25:08,064 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:25:08,200 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:38.789911-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789562570Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - Unable to parse message: '2025-08-15T15:24:38.789911-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789562570Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:38.790072-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789616879Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - Unable to parse message: '2025-08-15T15:24:38.790072-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789616879Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:38.790105-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789662407Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:24:38.790105-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789662407Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:38.800515-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.800415024Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:24:38.800515-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.800415024Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:38.802962-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802847954Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-15T15:24:38.802962-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802847954Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:38.803038-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802896671Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-15T15:24:38.803038-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802896671Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:39.566389-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:39.565Z"} - Unable to parse message: '2025-08-15T15:24:39.566389-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:39.565Z"}\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:49.571317-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:49.570Z"} - Unable to parse message: '2025-08-15T15:24:49.571317-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:49.570Z"}\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:24:59.575913-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:59.575Z"} - Unable to parse message: '2025-08-15T15:24:59.575913-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:59.575Z"}\n' +2025-08-15 15:25:08,201 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:01.218427-05:00 homelab CRON[3104688]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) - Unable to parse message: '2025-08-15T15:25:01.218427-05:00 homelab CRON[3104688]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)\n' +2025-08-15 15:25:08,202 - INFO - System Logs: [{'raw_log': '2025-08-15T15:24:38.789911-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789562570Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..', 'parsing_error': "Unable to parse message: '2025-08-15T15:24:38.789911-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789562570Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\\n'"}, {'raw_log': '2025-08-15T15:24:38.790072-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789616879Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001', 'parsing_error': "Unable to parse message: '2025-08-15T15:24:38.790072-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789616879Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\\n'"}, {'raw_log': '2025-08-15T15:24:38.790105-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789662407Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:24:38.790105-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789662407Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:24:38.800515-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.800415024Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:24:38.800515-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.800415024Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:24:38.802962-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802847954Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': "Unable to parse message: '2025-08-15T15:24:38.802962-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802847954Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'"}, {'raw_log': '2025-08-15T15:24:38.803038-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802896671Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': "Unable to parse message: '2025-08-15T15:24:38.803038-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802896671Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'"}, {'raw_log': '2025-08-15T15:24:39.566389-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:39.565Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:24:39.566389-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:39.565Z"}\\n\''}, {'raw_log': '2025-08-15T15:24:49.571317-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:49.570Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:24:49.571317-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:49.570Z"}\\n\''}, {'raw_log': '2025-08-15T15:24:59.575913-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:59.575Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:24:59.575913-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:24:59.575Z"}\\n\''}, {'raw_log': '2025-08-15T15:25:01.218427-05:00 homelab CRON[3104688]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:01.218427-05:00 homelab CRON[3104688]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)\\n'"}] +2025-08-15 15:25:10,225 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.9 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=22.2 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=17.8 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2003ms +rtt min/avg/max/mdev = 17.780/19.285/22.167/2.038 ms + +2025-08-15 15:25:10,227 - WARNING - Could not parse ping output with jc. Returning raw output. +2025-08-15 15:25:10,227 - INFO - Network Metrics: {'ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.9 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=22.2 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=17.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 17.780/19.285/22.167/2.038 ms\n'} +2025-08-15 15:25:10,227 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-15T15:24:38.789911-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789562570Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:38.789911-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789562570Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\\n'" + }, + { + "raw_log": "2025-08-15T15:24:38.790072-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789616879Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:38.790072-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789616879Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\\n'" + }, + { + "raw_log": "2025-08-15T15:24:38.790105-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789662407Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:38.790105-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.789662407Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:24:38.800515-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.800415024Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:38.800515-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.800415024Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:24:38.802962-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802847954Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:38.802962-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802847954Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'" + }, + { + "raw_log": "2025-08-15T15:24:38.803038-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802896671Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:38.803038-05:00 homelab systembridge[1156]: 2025-08-15T20:24:38.802896671Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'" + }, + { + "raw_log": "2025-08-15T15:24:39.566389-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:24:39.565Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:39.566389-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:24:39.565Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:24:49.571317-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:24:49.570Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:49.571317-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:24:49.570Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:24:59.575913-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:24:59.575Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:24:59.575913-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:24:59.575Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:25:01.218427-05:00 homelab CRON[3104688]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:01.218427-05:00 homelab CRON[3104688]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)\\n'" + } + ], + "network_metrics": { + "ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.9 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=22.2 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=17.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 17.780/19.285/22.167/2.038 ms\n" + } +} +2025-08-15 15:25:10,241 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-15 15:25:10,242 - DEBUG - connect_tcp.complete return_value= +2025-08-15 15:25:10,242 - DEBUG - send_request_headers.started request= +2025-08-15 15:25:10,242 - DEBUG - send_request_headers.complete +2025-08-15 15:25:10,242 - DEBUG - send_request_body.started request= +2025-08-15 15:25:10,242 - DEBUG - send_request_body.complete +2025-08-15 15:25:10,243 - DEBUG - receive_response_headers.started request= +2025-08-15 15:25:30,653 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Fri, 15 Aug 2025 20:25:30 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-15 15:25:30,653 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:25:30,654 - DEBUG - receive_response_body.started request= +2025-08-15 15:25:30,654 - DEBUG - receive_response_body.complete +2025-08-15 15:25:30,654 - DEBUG - response_closed.started +2025-08-15 15:25:30,654 - DEBUG - response_closed.complete +2025-08-15 15:25:30,655 - INFO - LLM Response: After analyzing the system data, I have identified an anomaly in the network metrics. The system's ping output shows an unusual packet loss percentage of 0%, which is highly unlikely given the number of packets transmitted and received. Upon further inspection, I noticed that all three packets sent to 8.8.8.8 were successfully received, with only a single measurement of time (19.285 ms) being reported for the average round-trip time. This unusual pattern suggests that something may be interfering with or manipulating the ping results, potentially indicating a network anomaly or attack in progress. + +**Anomaly:** Unusual packet loss percentage and altered latency metrics in ping output. +**Potential cause:** Network anomaly or attack (e.g., spoofing, tampering) affecting the system's ability to accurately report ping statistics. +**Severity:** High +2025-08-15 15:25:30,655 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:25:30,657 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-15 15:25:30,870 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-15 15:25:30,872 - DEBUG - Webhook executed +2025-08-15 15:25:30,872 - INFO - Discord alert sent. +2025-08-15 15:25:30,873 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-15 15:25:30,878 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-15 15:25:30,879 - INFO - Google Home alert sent. +2025-08-15 15:25:30,879 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:26:08,387 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:26:08,524 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:30.653284-05:00 homelab ollama[1614]: [GIN] 2025/08/15 - 15:25:30 | 200 | 20.41019356s | 192.168.2.114 | POST "/api/generate" - Unable to parse message: '2025-08-15T15:25:30.653284-05:00 homelab ollama[1614]: [GIN] 2025/08/15 - 15:25:30 | 200 | 20.41019356s | 192.168.2.114 | POST "/api/generate"\n' +2025-08-15 15:26:08,524 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:38.789266-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788916785Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - Unable to parse message: '2025-08-15T15:25:38.789266-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788916785Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\n' +2025-08-15 15:26:08,524 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:38.789425-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788972873Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - Unable to parse message: '2025-08-15T15:25:38.789425-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788972873Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\n' +2025-08-15 15:26:08,524 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:38.789466-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.789019358Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:25:38.789466-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.789019358Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\n' +2025-08-15 15:26:08,524 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:38.799769-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.799701056Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:25:38.799769-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.799701056Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\n' +2025-08-15 15:26:08,524 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:38.802141-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802033631Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-15T15:25:38.802141-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802033631Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\n' +2025-08-15 15:26:08,525 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:38.802226-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802076439Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-15T15:25:38.802226-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802076439Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\n' +2025-08-15 15:26:08,525 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:39.595005-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:39.594Z"} - Unable to parse message: '2025-08-15T15:25:39.595005-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:39.594Z"}\n' +2025-08-15 15:26:08,525 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:49.598909-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:49.598Z"} - Unable to parse message: '2025-08-15T15:25:49.598909-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:49.598Z"}\n' +2025-08-15 15:26:08,525 - WARNING - Error parsing individual syslog line: 2025-08-15T15:25:59.602937-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:59.602Z"} - Unable to parse message: '2025-08-15T15:25:59.602937-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:59.602Z"}\n' +2025-08-15 15:26:08,525 - INFO - System Logs: [{'raw_log': '2025-08-15T15:25:30.653284-05:00 homelab ollama[1614]: [GIN] 2025/08/15 - 15:25:30 | 200 | 20.41019356s | 192.168.2.114 | POST "/api/generate"', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:25:30.653284-05:00 homelab ollama[1614]: [GIN] 2025/08/15 - 15:25:30 | 200 | 20.41019356s | 192.168.2.114 | POST "/api/generate"\\n\''}, {'raw_log': '2025-08-15T15:25:38.789266-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788916785Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:38.789266-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788916785Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\\n'"}, {'raw_log': '2025-08-15T15:25:38.789425-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788972873Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:38.789425-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788972873Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\\n'"}, {'raw_log': '2025-08-15T15:25:38.789466-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.789019358Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:38.789466-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.789019358Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:25:38.799769-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.799701056Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:38.799769-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.799701056Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:25:38.802141-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802033631Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:38.802141-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802033631Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'"}, {'raw_log': '2025-08-15T15:25:38.802226-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802076439Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': "Unable to parse message: '2025-08-15T15:25:38.802226-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802076439Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'"}, {'raw_log': '2025-08-15T15:25:39.595005-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:39.594Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:25:39.595005-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:39.594Z"}\\n\''}, {'raw_log': '2025-08-15T15:25:49.598909-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:49.598Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:25:49.598909-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:49.598Z"}\\n\''}, {'raw_log': '2025-08-15T15:25:59.602937-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:59.602Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:25:59.602937-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:25:59.602Z"}\\n\''}] +2025-08-15 15:26:10,548 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.6 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=18.5 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=17.2 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2003ms +rtt min/avg/max/mdev = 17.237/17.764/18.471/0.519 ms + +2025-08-15 15:26:10,548 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 17.237, 'round_trip_ms_avg': 17.764, 'round_trip_ms_max': 18.471, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.6 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=18.5 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=17.2 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 17.237/17.764/18.471/0.519 ms\n'} +2025-08-15 15:26:10,548 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-15T15:25:30.653284-05:00 homelab ollama[1614]: [GIN] 2025/08/15 - 15:25:30 | 200 | 20.41019356s | 192.168.2.114 | POST \"/api/generate\"", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:30.653284-05:00 homelab ollama[1614]: [GIN] 2025/08/15 - 15:25:30 | 200 | 20.41019356s | 192.168.2.114 | POST \"/api/generate\"\\n'" + }, + { + "raw_log": "2025-08-15T15:25:38.789266-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788916785Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:38.789266-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788916785Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\\n'" + }, + { + "raw_log": "2025-08-15T15:25:38.789425-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788972873Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:38.789425-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.788972873Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\\n'" + }, + { + "raw_log": "2025-08-15T15:25:38.789466-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.789019358Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:38.789466-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.789019358Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:25:38.799769-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.799701056Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:38.799769-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.799701056Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:25:38.802141-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802033631Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:38.802141-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802033631Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'" + }, + { + "raw_log": "2025-08-15T15:25:38.802226-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802076439Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:38.802226-05:00 homelab systembridge[1156]: 2025-08-15T20:25:38.802076439Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'" + }, + { + "raw_log": "2025-08-15T15:25:39.595005-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:25:39.594Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:39.595005-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:25:39.594Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:25:49.598909-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:25:49.598Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:49.598909-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:25:49.598Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:25:59.602937-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:25:59.602Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:25:59.602937-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:25:59.602Z\"}\\n'" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 17.237, + "round_trip_ms_avg": 17.764, + "round_trip_ms_max": 18.471, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.6 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=18.5 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=17.2 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 17.237/17.764/18.471/0.519 ms\n" + } +} +2025-08-15 15:26:10,562 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-15 15:26:10,562 - DEBUG - connect_tcp.complete return_value= +2025-08-15 15:26:10,562 - DEBUG - send_request_headers.started request= +2025-08-15 15:26:10,563 - DEBUG - send_request_headers.complete +2025-08-15 15:26:10,563 - DEBUG - send_request_body.started request= +2025-08-15 15:26:10,565 - DEBUG - send_request_body.complete +2025-08-15 15:26:10,565 - DEBUG - receive_response_headers.started request= +2025-08-15 15:26:31,408 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Fri, 15 Aug 2025 20:26:31 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-15 15:26:31,409 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:26:31,409 - DEBUG - receive_response_body.started request= +2025-08-15 15:26:31,409 - DEBUG - receive_response_body.complete +2025-08-15 15:26:31,410 - DEBUG - response_closed.started +2025-08-15 15:26:31,410 - DEBUG - response_closed.complete +2025-08-15 15:26:31,411 - INFO - LLM Response: After analyzing the provided data, I have identified an anomaly in the network metrics. + +**Anomaly Report** + +The packet loss percentage is 0.0%, which is extremely low and potentially indicative of a network issue. The potential cause of this anomaly could be related to the system or network configuration, but it may also indicate that there are no issues with packet transmission at this time. However, I would rate the severity of this anomaly as **low** because 0.0% packet loss is not typically considered abnormal in a stable network environment. + +Note: The other metrics, such as round trip times and ping statistics, appear to be within normal ranges, which further supports my conclusion that the low packet loss percentage is likely a non-issue rather than an actual anomaly. +2025-08-15 15:26:31,411 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:26:31,414 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-15 15:26:31,660 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-15 15:26:31,662 - DEBUG - Webhook executed +2025-08-15 15:26:31,662 - INFO - Discord alert sent. +2025-08-15 15:26:31,663 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-15 15:26:31,673 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-15 15:26:31,673 - INFO - Google Home alert sent. +2025-08-15 15:26:31,674 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:28:37,727 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:28:37,864 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:38.789902-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.789326532Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:27:38.789902-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.789326532Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\n' +2025-08-15 15:28:37,864 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:38.801096-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.801028634Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:27:38.801096-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.801028634Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\n' +2025-08-15 15:28:37,864 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:38.803342-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803269716Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-15T15:27:38.803342-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803269716Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\n' +2025-08-15 15:28:37,864 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:38.803646-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803314699Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-15T15:27:38.803646-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803314699Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\n' +2025-08-15 15:28:37,864 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:39.647324-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:39.646Z"} - Unable to parse message: '2025-08-15T15:27:39.647324-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:39.646Z"}\n' +2025-08-15 15:28:37,864 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:49.651908-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:49.651Z"} - Unable to parse message: '2025-08-15T15:27:49.651908-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:49.651Z"}\n' +2025-08-15 15:28:37,865 - WARNING - Error parsing individual syslog line: 2025-08-15T15:27:59.654785-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:59.654Z"} - Unable to parse message: '2025-08-15T15:27:59.654785-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:59.654Z"}\n' +2025-08-15 15:28:37,865 - WARNING - Error parsing individual syslog line: 2025-08-15T15:28:09.659079-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:09.658Z"} - Unable to parse message: '2025-08-15T15:28:09.659079-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:09.658Z"}\n' +2025-08-15 15:28:37,865 - WARNING - Error parsing individual syslog line: 2025-08-15T15:28:19.664625-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:19.663Z"} - Unable to parse message: '2025-08-15T15:28:19.664625-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:19.663Z"}\n' +2025-08-15 15:28:37,865 - WARNING - Error parsing individual syslog line: 2025-08-15T15:28:29.669188-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:29.668Z"} - Unable to parse message: '2025-08-15T15:28:29.669188-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:29.668Z"}\n' +2025-08-15 15:28:37,865 - INFO - System Logs: [{'raw_log': '2025-08-15T15:27:38.789902-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.789326532Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:27:38.789902-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.789326532Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:27:38.801096-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.801028634Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:27:38.801096-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.801028634Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:27:38.803342-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803269716Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': "Unable to parse message: '2025-08-15T15:27:38.803342-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803269716Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'"}, {'raw_log': '2025-08-15T15:27:38.803646-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803314699Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': "Unable to parse message: '2025-08-15T15:27:38.803646-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803314699Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'"}, {'raw_log': '2025-08-15T15:27:39.647324-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:39.646Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:27:39.647324-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:39.646Z"}\\n\''}, {'raw_log': '2025-08-15T15:27:49.651908-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:49.651Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:27:49.651908-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:49.651Z"}\\n\''}, {'raw_log': '2025-08-15T15:27:59.654785-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:59.654Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:27:59.654785-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:27:59.654Z"}\\n\''}, {'raw_log': '2025-08-15T15:28:09.659079-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:09.658Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:28:09.659079-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:09.658Z"}\\n\''}, {'raw_log': '2025-08-15T15:28:19.664625-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:19.663Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:28:19.664625-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:19.663Z"}\\n\''}, {'raw_log': '2025-08-15T15:28:29.669188-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:29.668Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:28:29.669188-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:28:29.668Z"}\\n\''}] +2025-08-15 15:28:39,886 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.1 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=28.2 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=16.9 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2002ms +rtt min/avg/max/mdev = 16.921/20.732/28.179/5.266 ms + +2025-08-15 15:28:39,887 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 16.921, 'round_trip_ms_avg': 20.732, 'round_trip_ms_max': 28.179, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.1 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=28.2 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=16.9 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 16.921/20.732/28.179/5.266 ms\n'} +2025-08-15 15:28:39,887 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-15T15:27:38.789902-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.789326532Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:38.789902-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.789326532Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:27:38.801096-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.801028634Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:38.801096-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.801028634Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:27:38.803342-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803269716Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:38.803342-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803269716Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'" + }, + { + "raw_log": "2025-08-15T15:27:38.803646-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803314699Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:38.803646-05:00 homelab systembridge[1156]: 2025-08-15T20:27:38.803314699Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'" + }, + { + "raw_log": "2025-08-15T15:27:39.647324-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:27:39.646Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:39.647324-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:27:39.646Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:27:49.651908-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:27:49.651Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:49.651908-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:27:49.651Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:27:59.654785-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:27:59.654Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:27:59.654785-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:27:59.654Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:28:09.659079-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:28:09.658Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:28:09.659079-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:28:09.658Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:28:19.664625-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:28:19.663Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:28:19.664625-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:28:19.663Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:28:29.669188-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:28:29.668Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:28:29.669188-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:28:29.668Z\"}\\n'" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 16.921, + "round_trip_ms_avg": 20.732, + "round_trip_ms_max": 28.179, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.1 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=28.2 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=16.9 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 16.921/20.732/28.179/5.266 ms\n" + } +} +2025-08-15 15:28:39,900 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-15 15:28:39,900 - DEBUG - connect_tcp.complete return_value= +2025-08-15 15:28:39,900 - DEBUG - send_request_headers.started request= +2025-08-15 15:28:39,901 - DEBUG - send_request_headers.complete +2025-08-15 15:28:39,901 - DEBUG - send_request_body.started request= +2025-08-15 15:28:39,901 - DEBUG - send_request_body.complete +2025-08-15 15:28:39,901 - DEBUG - receive_response_headers.started request= +2025-08-15 15:29:04,072 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Fri, 15 Aug 2025 20:29:04 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-15 15:29:04,073 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:29:04,073 - DEBUG - receive_response_body.started request= +2025-08-15 15:29:04,073 - DEBUG - receive_response_body.complete +2025-08-15 15:29:04,074 - DEBUG - response_closed.started +2025-08-15 15:29:04,074 - DEBUG - response_closed.complete +2025-08-15 15:29:04,074 - INFO - LLM Response: After analyzing the provided system data in JSON format, I have identified a concerning anomaly. + +The anomaly is located in the network metrics section under "round_trip_ms_avg". The average round-trip time (RTT) for pinging 8.8.8.8 is reported as 20.732 ms, which is higher than the minimum RTT of 16.921 ms and the maximum RTT of 28.179 ms. + +The potential cause of this anomaly could be network congestion or packet loss between the host and the destination server (8.8.8.8). The high average RTT value may indicate that there are issues with the network connection, which could lead to poor application performance or even connectivity issues. + +I would classify the severity of this anomaly as medium. While it's not a critical issue at the moment, prolonged periods of high RTTs can impact user experience and lead to decreased productivity. + +**Anomaly Report:** +A concerning anomaly has been found in the network metrics, specifically in the average round-trip time (RTT) for pinging 8.8.8.8, which is significantly higher than expected at 20.732 ms. This may indicate network congestion or packet loss between the host and the destination server, potentially causing poor application performance or connectivity issues. Severity: Medium. +2025-08-15 15:29:04,074 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:29:04,076 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-15 15:29:04,346 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-15 15:29:04,347 - DEBUG - Webhook executed +2025-08-15 15:29:04,347 - INFO - Discord alert sent. +2025-08-15 15:29:04,348 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-15 15:29:04,362 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-15 15:29:04,363 - INFO - Google Home alert sent. +2025-08-15 15:29:04,363 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:34:11,152 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:34:11,291 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:38.789979-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789628224Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - Unable to parse message: '2025-08-15T15:33:38.789979-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789628224Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:38.790142-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789689228Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - Unable to parse message: '2025-08-15T15:33:38.790142-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789689228Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:38.790175-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789739623Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:33:38.790175-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789739623Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:38.800605-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.800388919Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:33:38.800605-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.800388919Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:38.803109-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803042154Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-15T15:33:38.803109-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803042154Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:38.803275-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803219115Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-15T15:33:38.803275-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803219115Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:39.802251-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:39.801Z"} - Unable to parse message: '2025-08-15T15:33:39.802251-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:39.801Z"}\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:49.807197-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:49.806Z"} - Unable to parse message: '2025-08-15T15:33:49.807197-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:49.806Z"}\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:33:59.811893-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:59.811Z"} - Unable to parse message: '2025-08-15T15:33:59.811893-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:59.811Z"}\n' +2025-08-15 15:34:11,292 - WARNING - Error parsing individual syslog line: 2025-08-15T15:34:09.817923-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:34:09.816Z"} - Unable to parse message: '2025-08-15T15:34:09.817923-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:34:09.816Z"}\n' +2025-08-15 15:34:11,293 - INFO - System Logs: [{'raw_log': '2025-08-15T15:33:38.789979-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789628224Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..', 'parsing_error': "Unable to parse message: '2025-08-15T15:33:38.789979-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789628224Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\\n'"}, {'raw_log': '2025-08-15T15:33:38.790142-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789689228Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001', 'parsing_error': "Unable to parse message: '2025-08-15T15:33:38.790142-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789689228Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\\n'"}, {'raw_log': '2025-08-15T15:33:38.790175-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789739623Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:33:38.790175-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789739623Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:33:38.800605-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.800388919Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': "Unable to parse message: '2025-08-15T15:33:38.800605-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.800388919Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'"}, {'raw_log': '2025-08-15T15:33:38.803109-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803042154Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': "Unable to parse message: '2025-08-15T15:33:38.803109-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803042154Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'"}, {'raw_log': '2025-08-15T15:33:38.803275-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803219115Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': "Unable to parse message: '2025-08-15T15:33:38.803275-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803219115Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'"}, {'raw_log': '2025-08-15T15:33:39.802251-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:39.801Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:33:39.802251-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:39.801Z"}\\n\''}, {'raw_log': '2025-08-15T15:33:49.807197-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:49.806Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:33:49.807197-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:49.806Z"}\\n\''}, {'raw_log': '2025-08-15T15:33:59.811893-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:59.811Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:33:59.811893-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:33:59.811Z"}\\n\''}, {'raw_log': '2025-08-15T15:34:09.817923-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:34:09.816Z"}', 'parsing_error': 'Unable to parse message: \'2025-08-15T15:34:09.817923-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:34:09.816Z"}\\n\''}] +2025-08-15 15:34:13,318 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.4 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=17.3 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=20.3 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2003ms +rtt min/avg/max/mdev = 17.297/18.307/20.263/1.382 ms + +2025-08-15 15:34:13,318 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 17.297, 'round_trip_ms_avg': 18.307, 'round_trip_ms_max': 20.263, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.4 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=17.3 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=20.3 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 17.297/18.307/20.263/1.382 ms\n'} +2025-08-15 15:34:13,318 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-15T15:33:38.789979-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789628224Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:38.789979-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789628224Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..\\n'" + }, + { + "raw_log": "2025-08-15T15:33:38.790142-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789689228Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:38.790142-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789689228Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001\\n'" + }, + { + "raw_log": "2025-08-15T15:33:38.790175-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789739623Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:38.790175-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.789739623Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:33:38.800605-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.800388919Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:38.800605-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.800388919Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/\\n'" + }, + { + "raw_log": "2025-08-15T15:33:38.803109-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803042154Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:38.803109-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803042154Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running\\n'" + }, + { + "raw_log": "2025-08-15T15:33:38.803275-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803219115Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:38.803275-05:00 homelab systembridge[1156]: 2025-08-15T20:33:38.803219115Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again\\n'" + }, + { + "raw_log": "2025-08-15T15:33:39.802251-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:33:39.801Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:39.802251-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:33:39.801Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:33:49.807197-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:33:49.806Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:49.807197-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:33:49.806Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:33:59.811893-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:33:59.811Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:33:59.811893-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:33:59.811Z\"}\\n'" + }, + { + "raw_log": "2025-08-15T15:34:09.817923-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:34:09.816Z\"}", + "parsing_error": "Unable to parse message: '2025-08-15T15:34:09.817923-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:34:09.816Z\"}\\n'" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 17.297, + "round_trip_ms_avg": 18.307, + "round_trip_ms_max": 20.263, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=17.4 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=17.3 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=20.3 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 17.297/18.307/20.263/1.382 ms\n" + } +} +2025-08-15 15:34:13,331 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-15 15:34:13,332 - DEBUG - connect_tcp.complete return_value= +2025-08-15 15:34:13,332 - DEBUG - send_request_headers.started request= +2025-08-15 15:34:13,332 - DEBUG - send_request_headers.complete +2025-08-15 15:34:13,332 - DEBUG - send_request_body.started request= +2025-08-15 15:34:13,332 - DEBUG - send_request_body.complete +2025-08-15 15:34:13,333 - DEBUG - receive_response_headers.started request= +2025-08-15 15:34:38,787 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Fri, 15 Aug 2025 20:34:38 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-15 15:34:38,787 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:34:38,788 - DEBUG - receive_response_body.started request= +2025-08-15 15:34:38,788 - DEBUG - receive_response_body.complete +2025-08-15 15:34:38,788 - DEBUG - response_closed.started +2025-08-15 15:34:38,788 - DEBUG - response_closed.complete +2025-08-15 15:34:38,789 - INFO - LLM Response: After analyzing the provided data, I have identified a concerning anomaly. + +**Anomaly:** The node process is unable to establish a connection with the expected host and instead connects to another IP address (8.8.8.8), resulting in an average round trip time of 18.307ms. + +**Potential Cause:** This could be due to a misconfigured DNS server or a temporary issue with network routing, causing the node process to default to the Google public DNS resolver. + +**Severity:** Medium + +This anomaly is concerning because it indicates that the node process may not be able to connect to its expected host, potentially leading to data loss or communication delays. Further investigation and monitoring are necessary to determine the root cause of this issue. + +OK +2025-08-15 15:34:38,789 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:34:38,791 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-15 15:34:39,080 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-15 15:34:39,081 - DEBUG - Webhook executed +2025-08-15 15:34:39,081 - INFO - Discord alert sent. +2025-08-15 15:34:39,082 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-15 15:34:39,088 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-15 15:34:39,089 - INFO - Google Home alert sent. +2025-08-15 15:34:39,089 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-15 15:38:51,847 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:40:15,763 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:41:11,923 - INFO - --- Running Monitoring Cycle --- +2025-08-15 15:41:12,059 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:38.789939-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789573247Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - Unable to parse message: '2025-08-15T15:40:38.789939-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789573247Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..' +2025-08-15 15:41:12,060 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:38.789939-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789573247Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,060 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:38.790108-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789628572Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - Unable to parse message: '2025-08-15T15:40:38.790108-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789628572Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001' +2025-08-15 15:41:12,060 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:38.790108-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789628572Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,060 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:38.790147-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789673092Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:40:38.790147-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789673092Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/' +2025-08-15 15:41:12,060 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:38.790147-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789673092Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,060 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:38.800468-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.800396551Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-15T15:40:38.800468-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.800396551Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/' +2025-08-15 15:41:12,060 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:38.800468-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.800396551Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,060 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:38.802752-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802687334Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-15T15:40:38.802752-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802687334Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running' +2025-08-15 15:41:12,060 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:38.802752-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802687334Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,060 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:38.802832-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802727886Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-15T15:40:38.802832-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802727886Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again' +2025-08-15 15:41:12,061 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:38.802832-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802727886Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,061 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:40.006980-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:40.006Z"} - Unable to parse message: '2025-08-15T15:40:40.006980-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:40.006Z"}' +2025-08-15 15:41:12,061 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:40.006980-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:40.006Z"} - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,061 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:40:50.011902-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:50.011Z"} - Unable to parse message: '2025-08-15T15:40:50.011902-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:50.011Z"}' +2025-08-15 15:41:12,061 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:40:50.011902-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:50.011Z"} - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,061 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:41:00.017069-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:00.016Z"} - Unable to parse message: '2025-08-15T15:41:00.017069-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:00.016Z"}' +2025-08-15 15:41:12,061 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:41:00.017069-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:00.016Z"} - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,061 - DEBUG - RFC5424 parsing failed for: 2025-08-15T15:41:10.021601-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:10.021Z"} - Unable to parse message: '2025-08-15T15:41:10.021601-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:10.021Z"}' +2025-08-15 15:41:12,061 - WARNING - Fallback regex parsing failed for: 2025-08-15T15:41:10.021601-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:10.021Z"} - not enough values to unpack (expected 5, got 4) +2025-08-15 15:41:12,061 - INFO - System Logs: [{'raw_log': '2025-08-15T15:40:38.789939-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789573247Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:38.790108-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789628572Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:38.790147-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789673092Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:38.800468-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.800396551Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:38.802752-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802687334Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:38.802832-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802727886Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:40.006980-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:40.006Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:40:50.011902-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:40:50.011Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:41:00.017069-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:00.016Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-15T15:41:10.021601-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-15T20:41:10.021Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}] +2025-08-15 15:41:14,089 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.6 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=18.6 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.8 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2003ms +rtt min/avg/max/mdev = 18.551/20.344/22.841/1.820 ms + +2025-08-15 15:41:14,090 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 18.551, 'round_trip_ms_avg': 20.344, 'round_trip_ms_max': 22.841, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.6 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=18.6 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 18.551/20.344/22.841/1.820 ms\n'} +2025-08-15 15:41:14,090 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-15T15:40:38.789939-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789573247Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:38.790108-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789628572Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:38.790147-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.789673092Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:38.800468-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.800396551Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:38.802752-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802687334Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:38.802832-05:00 homelab systembridge[1156]: 2025-08-15T20:40:38.802727886Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:40.006980-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:40:40.006Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:40:50.011902-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:40:50.011Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:41:00.017069-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:41:00.016Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-15T15:41:10.021601-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-15T20:41:10.021Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 18.551, + "round_trip_ms_avg": 20.344, + "round_trip_ms_max": 22.841, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.6 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=18.6 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 18.551/20.344/22.841/1.820 ms\n" + } +} +2025-08-15 15:41:14,104 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-15 15:41:14,104 - DEBUG - connect_tcp.complete return_value= +2025-08-15 15:41:14,104 - DEBUG - send_request_headers.started request= +2025-08-15 15:41:14,105 - DEBUG - send_request_headers.complete +2025-08-15 15:41:14,105 - DEBUG - send_request_body.started request= +2025-08-15 15:41:14,106 - DEBUG - send_request_body.complete +2025-08-15 15:41:14,106 - DEBUG - receive_response_headers.started request= +2025-08-15 15:41:39,180 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Fri, 15 Aug 2025 20:41:39 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-15 15:41:39,181 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-15 15:41:39,181 - DEBUG - receive_response_body.started request= +2025-08-15 15:41:39,182 - DEBUG - receive_response_body.complete +2025-08-15 15:41:39,182 - DEBUG - response_closed.started +2025-08-15 15:41:39,182 - DEBUG - response_closed.complete +2025-08-15 15:41:39,183 - INFO - LLM Response: After analyzing the provided system data, I have identified no concerning anomalies in the network metrics section. However, I found an issue in the system logs that warrants attention. + +The parsing errors in the system logs are indicative of a potential problem with the log parsing mechanism. The error "Fallback regex failed: not enough values to unpack (expected 5, got 4)" suggests that there is an inconsistency in the log format, which may be causing issues with data interpretation or processing. This issue is considered **medium** severity as it may lead to incomplete or inaccurate logging, but it does not directly imply a security breach or network connectivity problem. + +Therefore, I recommend investigating and resolving this issue by reviewing the log parsing mechanism and adjusting it to handle the inconsistent log format. + +Additionally, I would like to note that there are no failed login attempts, unauthorized access, or unusual network connections reported in the provided system data. The network metrics section shows a stable connection with minor fluctuations in Round Trip Time (RTT), which is considered normal network variance. + +In summary, while there is a medium-severity issue related to log parsing errors, I do not consider this a security-related anomaly and recommend further investigation to resolve it. +2025-08-15 15:41:39,183 - INFO - Anomaly detected, sending alerts... +2025-08-15 15:41:39,185 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-15 15:41:39,389 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-15 15:41:39,390 - DEBUG - Webhook executed +2025-08-15 15:41:39,390 - INFO - Discord alert sent. +2025-08-15 15:41:39,391 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-15 15:41:39,399 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-15 15:41:39,399 - INFO - Google Home alert sent. +2025-08-15 15:41:39,400 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-17 20:01:34,498 - INFO - --- Running Monitoring Cycle --- +2025-08-17 20:01:34,505 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:00:57.107829-05:00 homelab NetworkManager[1152]: [1755478857.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - Unable to parse message: '2025-08-17T20:00:57.107829-05:00 homelab NetworkManager[1152]: [1755478857.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)' +2025-08-17 20:01:34,505 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:00:57.107829-05:00 homelab NetworkManager[1152]: [1755478857.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,505 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:00.867288-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - Unable to parse message: '2025-08-17T20:01:00.867288-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254' +2025-08-17 20:01:34,505 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:00.867288-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,505 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:00.867480-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - Unable to parse message: '2025-08-17T20:01:00.867480-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254' +2025-08-17 20:01:34,505 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:00.867480-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,505 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:00.867518-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - Unable to parse message: '2025-08-17T20:01:00.867518-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254' +2025-08-17 20:01:34,505 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:00.867518-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,505 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:00.867545-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - Unable to parse message: '2025-08-17T20:01:00.867545-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254' +2025-08-17 20:01:34,505 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:00.867545-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,506 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:01.107637-05:00 homelab NetworkManager[1152]: [1755478861.1073] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - Unable to parse message: '2025-08-17T20:01:01.107637-05:00 homelab NetworkManager[1152]: [1755478861.1073] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)' +2025-08-17 20:01:34,506 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:01.107637-05:00 homelab NetworkManager[1152]: [1755478861.1073] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,506 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:06.244123-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:06.243Z"} - Unable to parse message: '2025-08-17T20:01:06.244123-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:06.243Z"}' +2025-08-17 20:01:34,506 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:06.244123-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:06.243Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,506 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:09.402865-05:00 homelab systemd[1]: Started session-1048.scope - Session 1048 of User artanis. - Unable to parse message: '2025-08-17T20:01:09.402865-05:00 homelab systemd[1]: Started session-1048.scope - Session 1048 of User artanis.' +2025-08-17 20:01:34,506 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:09.402865-05:00 homelab systemd[1]: Started session-1048.scope - Session 1048 of User artanis. - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,506 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:16.247916-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:16.247Z"} - Unable to parse message: '2025-08-17T20:01:16.247916-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:16.247Z"}' +2025-08-17 20:01:34,506 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:16.247916-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:16.247Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,506 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:01:26.252667-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:26.252Z"} - Unable to parse message: '2025-08-17T20:01:26.252667-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:26.252Z"}' +2025-08-17 20:01:34,506 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:01:26.252667-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:26.252Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:01:34,506 - INFO - System Logs: [{'raw_log': '2025-08-17T20:00:57.107829-05:00 homelab NetworkManager[1152]: [1755478857.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:00.867288-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:00.867480-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:00.867518-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:00.867545-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:01.107637-05:00 homelab NetworkManager[1152]: [1755478861.1073] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:06.244123-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:06.243Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:09.402865-05:00 homelab systemd[1]: Started session-1048.scope - Session 1048 of User artanis.', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:16.247916-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:16.247Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:01:26.252667-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:01:26.252Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}] +2025-08-17 20:01:36,533 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=21.0 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=23.1 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.8 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2002ms +rtt min/avg/max/mdev = 20.995/22.285/23.093/0.922 ms + +2025-08-17 20:01:36,534 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 20.995, 'round_trip_ms_avg': 22.285, 'round_trip_ms_max': 23.093, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=21.0 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=23.1 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 20.995/22.285/23.093/0.922 ms\n'} +2025-08-17 20:01:36,534 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-17T20:00:57.107829-05:00 homelab NetworkManager[1152]: [1755478857.1075] ndisc[0x649e9873a2d0,\"enp0s31f6\"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:00.867288-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:00.867480-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:00.867518-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:00.867545-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:01.107637-05:00 homelab NetworkManager[1152]: [1755478861.1073] ndisc[0x649e9873a2d0,\"enp0s31f6\"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:06.244123-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:01:06.243Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:09.402865-05:00 homelab systemd[1]: Started session-1048.scope - Session 1048 of User artanis.", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:16.247916-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:01:16.247Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:01:26.252667-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:01:26.252Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 20.995, + "round_trip_ms_avg": 22.285, + "round_trip_ms_max": 23.093, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=21.0 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=23.1 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 20.995/22.285/23.093/0.922 ms\n" + } +} +2025-08-17 20:01:36,546 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-17 20:01:36,547 - DEBUG - connect_tcp.complete return_value= +2025-08-17 20:01:36,547 - DEBUG - send_request_headers.started request= +2025-08-17 20:01:36,547 - DEBUG - send_request_headers.complete +2025-08-17 20:01:36,547 - DEBUG - send_request_body.started request= +2025-08-17 20:01:36,551 - DEBUG - send_request_body.complete +2025-08-17 20:01:36,551 - DEBUG - receive_response_headers.started request= +2025-08-17 20:01:52,851 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Mon, 18 Aug 2025 01:01:52 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-17 20:01:52,851 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-17 20:01:52,852 - DEBUG - receive_response_body.started request= +2025-08-17 20:01:52,852 - DEBUG - receive_response_body.complete +2025-08-17 20:01:52,852 - DEBUG - response_closed.started +2025-08-17 20:01:52,852 - DEBUG - response_closed.complete +2025-08-17 20:01:52,853 - INFO - LLM Response: Based on the provided system data, I have identified a concerning anomaly. + +The NetworkManager service has repeatedly encountered issues with sending router solicitations, resulting in warnings logged at regular intervals. This pattern of behavior is indicative of a potential configuration issue or hardware problem affecting the network interface "enp0s31f6". Given that this is a recurring error and not a minor fluctuation in RTT, I would rate its severity as **medium**. + +Report: A medium-severity anomaly has been detected due to repeated NetworkManager warnings about sending router solicitations on interface "enp0s31f6", potentially indicating a configuration issue or hardware problem affecting network connectivity. +2025-08-17 20:01:52,853 - INFO - Anomaly detected, sending alerts... +2025-08-17 20:01:52,855 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-17 20:01:53,113 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-17 20:01:53,115 - DEBUG - Webhook executed +2025-08-17 20:01:53,115 - INFO - Discord alert sent. +2025-08-17 20:01:53,116 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-17 20:01:53,162 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-17 20:01:53,163 - INFO - Google Home alert sent. +2025-08-17 20:01:53,163 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-17 20:06:53,163 - INFO - --- Running Monitoring Cycle --- +2025-08-17 20:06:53,169 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:38.789336-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.788931378Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-17T20:06:38.789336-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.788931378Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/' +2025-08-17 20:06:53,169 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:38.789336-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.788931378Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,169 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:38.799697-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.799623779Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-17T20:06:38.799697-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.799623779Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/' +2025-08-17 20:06:53,169 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:38.799697-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.799623779Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,169 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:38.802229-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802112794Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-17T20:06:38.802229-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802112794Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running' +2025-08-17 20:06:53,169 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:38.802229-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802112794Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,169 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:38.802307-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802163990Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-17T20:06:38.802307-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802163990Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again' +2025-08-17 20:06:53,170 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:38.802307-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802163990Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,170 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:42.646898-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - Unable to parse message: '2025-08-17T20:06:42.646898-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254' +2025-08-17 20:06:53,170 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:42.646898-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,170 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:42.647045-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - Unable to parse message: '2025-08-17T20:06:42.647045-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254' +2025-08-17 20:06:53,170 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:42.647045-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,171 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:42.647081-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - Unable to parse message: '2025-08-17T20:06:42.647081-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254' +2025-08-17 20:06:53,171 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:42.647081-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,171 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:42.647126-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - Unable to parse message: '2025-08-17T20:06:42.647126-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254' +2025-08-17 20:06:53,171 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:42.647126-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,171 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:43.107718-05:00 homelab NetworkManager[1152]: [1755479203.1074] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - Unable to parse message: '2025-08-17T20:06:43.107718-05:00 homelab NetworkManager[1152]: [1755479203.1074] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)' +2025-08-17 20:06:53,171 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:43.107718-05:00 homelab NetworkManager[1152]: [1755479203.1074] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,172 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:06:46.404426-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:06:46.404Z"} - Unable to parse message: '2025-08-17T20:06:46.404426-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:06:46.404Z"}' +2025-08-17 20:06:53,172 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:06:46.404426-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:06:46.404Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:06:53,172 - INFO - System Logs: [{'raw_log': '2025-08-17T20:06:38.789336-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.788931378Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:38.799697-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.799623779Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:38.802229-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802112794Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:38.802307-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802163990Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:42.646898-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:42.647045-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:42.647081-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:42.647126-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:43.107718-05:00 homelab NetworkManager[1152]: [1755479203.1074] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:06:46.404426-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:06:46.404Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}] +2025-08-17 20:06:55,198 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=134 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=22.7 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.3 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2001ms +rtt min/avg/max/mdev = 22.260/59.645/133.959/52.548 ms + +2025-08-17 20:06:55,198 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 22.26, 'round_trip_ms_avg': 59.645, 'round_trip_ms_max': 133.959, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=134 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=22.7 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.3 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2001ms\nrtt min/avg/max/mdev = 22.260/59.645/133.959/52.548 ms\n'} +2025-08-17 20:06:55,198 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-17T20:06:38.789336-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.788931378Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:38.799697-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.799623779Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:38.802229-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802112794Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:38.802307-05:00 homelab systembridge[1156]: 2025-08-18T01:06:38.802163990Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:42.646898-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:42.647045-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:42.647081-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:42.647126-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:43.107718-05:00 homelab NetworkManager[1152]: [1755479203.1074] ndisc[0x649e9873a2d0,\"enp0s31f6\"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:06:46.404426-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:06:46.404Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 22.26, + "round_trip_ms_avg": 59.645, + "round_trip_ms_max": 133.959, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=134 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=22.7 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=22.3 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2001ms\nrtt min/avg/max/mdev = 22.260/59.645/133.959/52.548 ms\n" + } +} +2025-08-17 20:06:55,210 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-17 20:06:55,211 - DEBUG - connect_tcp.complete return_value= +2025-08-17 20:06:55,211 - DEBUG - send_request_headers.started request= +2025-08-17 20:06:55,211 - DEBUG - send_request_headers.complete +2025-08-17 20:06:55,212 - DEBUG - send_request_body.started request= +2025-08-17 20:06:55,212 - DEBUG - send_request_body.complete +2025-08-17 20:06:55,212 - DEBUG - receive_response_headers.started request= +2025-08-17 20:07:18,364 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Mon, 18 Aug 2025 01:07:18 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-17 20:07:18,364 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-17 20:07:18,366 - DEBUG - receive_response_body.started request= +2025-08-17 20:07:18,367 - DEBUG - receive_response_body.complete +2025-08-17 20:07:18,367 - DEBUG - response_closed.started +2025-08-17 20:07:18,367 - DEBUG - response_closed.complete +2025-08-17 20:07:18,368 - INFO - LLM Response: Based on the provided system data, I have identified an anomaly that warrants attention. + +**Anomaly Report:** + +A parsing error in one of the system logs indicates potential issues with regex patterns used for log processing. The error message "Fallback regex failed: not enough values to unpack (expected 5, got 4)" is repeated across several log entries from different processes, including `systembridge` and `tailscaled`. This could indicate a configuration issue or a problem with the regex pattern itself. I classify this anomaly as **medium severity** because it may impact log processing and analysis, potentially leading to missed security events or system issues. + +OK +2025-08-17 20:07:18,369 - INFO - Anomaly detected, sending alerts... +2025-08-17 20:07:18,370 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-17 20:07:18,571 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-17 20:07:18,572 - DEBUG - Webhook executed +2025-08-17 20:07:18,572 - INFO - Discord alert sent. +2025-08-17 20:07:18,573 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-17 20:07:18,581 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-17 20:07:18,582 - INFO - Google Home alert sent. +2025-08-17 20:07:18,582 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-17 20:12:18,582 - INFO - --- Running Monitoring Cycle --- +2025-08-17 20:12:18,588 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:38.855333-05:00 homelab tailscaled[1158]: magicsock: derp-16 connected; connGen=1 - Unable to parse message: '2025-08-17T20:11:38.855333-05:00 homelab tailscaled[1158]: magicsock: derp-16 connected; connGen=1' +2025-08-17 20:12:18,588 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:38.855333-05:00 homelab tailscaled[1158]: magicsock: derp-16 connected; connGen=1 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,588 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:42.466298-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - Unable to parse message: '2025-08-17T20:11:42.466298-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254' +2025-08-17 20:12:18,589 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:42.466298-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,589 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:42.466456-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - Unable to parse message: '2025-08-17T20:11:42.466456-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254' +2025-08-17 20:12:18,589 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:42.466456-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,589 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:42.466501-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - Unable to parse message: '2025-08-17T20:11:42.466501-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254' +2025-08-17 20:12:18,589 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:42.466501-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,589 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:42.466528-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - Unable to parse message: '2025-08-17T20:11:42.466528-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254' +2025-08-17 20:12:18,589 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:42.466528-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,589 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:43.107823-05:00 homelab NetworkManager[1152]: [1755479503.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - Unable to parse message: '2025-08-17T20:11:43.107823-05:00 homelab NetworkManager[1152]: [1755479503.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)' +2025-08-17 20:12:18,589 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:43.107823-05:00 homelab NetworkManager[1152]: [1755479503.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97) - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,589 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:46.551210-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:46.550Z"} - Unable to parse message: '2025-08-17T20:11:46.551210-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:46.550Z"}' +2025-08-17 20:12:18,590 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:46.551210-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:46.550Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,590 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:11:56.552618-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:56.552Z"} - Unable to parse message: '2025-08-17T20:11:56.552618-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:56.552Z"}' +2025-08-17 20:12:18,590 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:11:56.552618-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:56.552Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,590 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:12:06.556083-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:06.555Z"} - Unable to parse message: '2025-08-17T20:12:06.556083-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:06.555Z"}' +2025-08-17 20:12:18,590 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:12:06.556083-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:06.555Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,590 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:12:16.559418-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:16.558Z"} - Unable to parse message: '2025-08-17T20:12:16.559418-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:16.558Z"}' +2025-08-17 20:12:18,590 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:12:16.559418-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:16.558Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:12:18,590 - INFO - System Logs: [{'raw_log': '2025-08-17T20:11:38.855333-05:00 homelab tailscaled[1158]: magicsock: derp-16 connected; connGen=1', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:42.466298-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:42.466456-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:42.466501-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:42.466528-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:43.107823-05:00 homelab NetworkManager[1152]: [1755479503.1075] ndisc[0x649e9873a2d0,"enp0s31f6"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:46.551210-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:46.550Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:11:56.552618-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:11:56.552Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:12:06.556083-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:06.555Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:12:16.559418-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:12:16.558Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}] +2025-08-17 20:12:20,613 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.2 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=20.2 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=18.8 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2002ms +rtt min/avg/max/mdev = 18.809/19.393/20.202/0.590 ms + +2025-08-17 20:12:20,613 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 18.809, 'round_trip_ms_avg': 19.393, 'round_trip_ms_max': 20.202, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.2 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=20.2 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=18.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 18.809/19.393/20.202/0.590 ms\n'} +2025-08-17 20:12:20,613 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-17T20:11:38.855333-05:00 homelab tailscaled[1158]: magicsock: derp-16 connected; connGen=1", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:42.466298-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:42.466456-05:00 homelab tailscaled[1158]: monitor: RTM_DELROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:42.466501-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fdc1:b385:9b5a:e419::/64, gw=, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:42.466528-05:00 homelab tailscaled[1158]: monitor: RTM_NEWROUTE: src=, dst=fd11:e80c:3fef:1::/64, gw=fe80::182:f72:e8e5:96cb, outif=2, table=254", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:43.107823-05:00 homelab NetworkManager[1152]: [1755479503.1075] ndisc[0x649e9873a2d0,\"enp0s31f6\"]: solicit: failure sending router solicitation: Address family not supported by protocol (97)", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:46.551210-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:11:46.550Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:11:56.552618-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:11:56.552Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:12:06.556083-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:12:06.555Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:12:16.559418-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:12:16.558Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 18.809, + "round_trip_ms_avg": 19.393, + "round_trip_ms_max": 20.202, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=19.2 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=20.2 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=18.8 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2002ms\nrtt min/avg/max/mdev = 18.809/19.393/20.202/0.590 ms\n" + } +} +2025-08-17 20:12:20,626 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-17 20:12:20,626 - DEBUG - connect_tcp.complete return_value= +2025-08-17 20:12:20,626 - DEBUG - send_request_headers.started request= +2025-08-17 20:12:20,627 - DEBUG - send_request_headers.complete +2025-08-17 20:12:20,627 - DEBUG - send_request_body.started request= +2025-08-17 20:12:20,627 - DEBUG - send_request_body.complete +2025-08-17 20:12:20,627 - DEBUG - receive_response_headers.started request= +2025-08-17 20:12:42,969 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Mon, 18 Aug 2025 01:12:42 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-17 20:12:42,969 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-17 20:12:42,969 - DEBUG - receive_response_body.started request= +2025-08-17 20:12:42,970 - DEBUG - receive_response_body.complete +2025-08-17 20:12:42,970 - DEBUG - response_closed.started +2025-08-17 20:12:42,970 - DEBUG - response_closed.complete +2025-08-17 20:12:42,970 - INFO - LLM Response: After analyzing the system data, I have identified a concerning anomaly. + +There are multiple instances of parsing errors in the system logs due to insufficient values being unpacked by regular expressions (regex). This indicates a potential issue with the log parsing mechanism, which may be caused by an outdated or incorrectly configured regex pattern. The severity of this anomaly is medium, as it could potentially lead to incomplete or inaccurate logging, making it difficult to detect and respond to security incidents or system issues. + +Here's a more specific breakdown: + +- Multiple occurrences of parsing errors in the system logs (5 instances). +- Errors are consistently caused by insufficient values being unpacked by regular expressions. +- This issue does not appear to be directly related to security or connectivity loss, but could potentially impact logging accuracy and reliability. +2025-08-17 20:12:42,970 - INFO - Anomaly detected, sending alerts... +2025-08-17 20:12:42,971 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-17 20:12:43,187 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-17 20:12:43,188 - DEBUG - Webhook executed +2025-08-17 20:12:43,188 - INFO - Discord alert sent. +2025-08-17 20:12:43,189 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-17 20:12:43,212 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-17 20:12:43,212 - INFO - Google Home alert sent. +2025-08-17 20:12:43,212 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-17 20:17:43,213 - INFO - --- Running Monitoring Cycle --- +2025-08-17 20:17:43,218 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:06.690947-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:06.690Z"} - Unable to parse message: '2025-08-17T20:17:06.690947-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:06.690Z"}' +2025-08-17 20:17:43,219 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:06.690947-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:06.690Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,219 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:16.695900-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:16.695Z"} - Unable to parse message: '2025-08-17T20:17:16.695900-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:16.695Z"}' +2025-08-17 20:17:43,219 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:16.695900-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:16.695Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,219 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:26.700906-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:26.700Z"} - Unable to parse message: '2025-08-17T20:17:26.700906-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:26.700Z"}' +2025-08-17 20:17:43,219 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:26.700906-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:26.700Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,220 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:36.704948-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:36.704Z"} - Unable to parse message: '2025-08-17T20:17:36.704948-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:36.704Z"}' +2025-08-17 20:17:43,220 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:36.704948-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:36.704Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,220 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:38.789532-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789122897Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - Unable to parse message: '2025-08-17T20:17:38.789532-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789122897Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..' +2025-08-17 20:17:43,220 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:38.789532-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789122897Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server.. - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,221 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:38.789711-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789178372Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - Unable to parse message: '2025-08-17T20:17:38.789711-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789178372Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001' +2025-08-17 20:17:43,221 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:38.789711-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789178372Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,222 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:38.789772-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789224412Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-17T20:17:38.789772-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789224412Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/' +2025-08-17 20:17:43,222 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:38.789772-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789224412Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,222 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:38.800165-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.800021193Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-17T20:17:38.800165-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.800021193Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/' +2025-08-17 20:17:43,222 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:38.800165-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.800021193Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,223 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:38.802388-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802316033Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-17T20:17:38.802388-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802316033Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running' +2025-08-17 20:17:43,223 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:38.802388-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802316033Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,223 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:17:38.802486-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802360419Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-17T20:17:38.802486-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802360419Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again' +2025-08-17 20:17:43,223 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:17:38.802486-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802360419Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - not enough values to unpack (expected 5, got 4) +2025-08-17 20:17:43,224 - INFO - System Logs: [{'raw_log': '2025-08-17T20:17:06.690947-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:06.690Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:16.695900-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:16.695Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:26.700906-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:26.700Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:36.704948-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:17:36.704Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:38.789532-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789122897Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:38.789711-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789178372Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:38.789772-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789224412Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:38.800165-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.800021193Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:38.802388-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802316033Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:17:38.802486-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802360419Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}] +2025-08-17 20:17:45,256 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=31.4 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=24.7 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=27.6 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2003ms +rtt min/avg/max/mdev = 24.704/27.899/31.407/2.745 ms + +2025-08-17 20:17:45,256 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 24.704, 'round_trip_ms_avg': 27.899, 'round_trip_ms_max': 31.407, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=31.4 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=24.7 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=27.6 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 24.704/27.899/31.407/2.745 ms\n'} +2025-08-17 20:17:45,256 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-17T20:17:06.690947-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:17:06.690Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:16.695900-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:17:16.695Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:26.700906-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:17:26.700Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:36.704948-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:17:36.704Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:38.789532-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789122897Z #033[36mDEBUG#033[0m (11) [systembridge] Checking backend server..", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:38.789711-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789178372Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:38.789772-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.789224412Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:38.800165-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.800021193Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:38.802388-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802316033Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:17:38.802486-05:00 homelab systembridge[1156]: 2025-08-18T01:17:38.802360419Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 24.704, + "round_trip_ms_avg": 27.899, + "round_trip_ms_max": 31.407, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=31.4 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=24.7 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=27.6 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 24.704/27.899/31.407/2.745 ms\n" + } +} +2025-08-17 20:17:45,269 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-17 20:17:45,270 - DEBUG - connect_tcp.complete return_value= +2025-08-17 20:17:45,271 - DEBUG - send_request_headers.started request= +2025-08-17 20:17:45,271 - DEBUG - send_request_headers.complete +2025-08-17 20:17:45,271 - DEBUG - send_request_body.started request= +2025-08-17 20:17:45,275 - DEBUG - send_request_body.complete +2025-08-17 20:17:45,275 - DEBUG - receive_response_headers.started request= +2025-08-17 20:18:07,454 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Mon, 18 Aug 2025 01:18:07 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-17 20:18:07,455 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-17 20:18:07,455 - DEBUG - receive_response_body.started request= +2025-08-17 20:18:07,455 - DEBUG - receive_response_body.complete +2025-08-17 20:18:07,455 - DEBUG - response_closed.started +2025-08-17 20:18:07,455 - DEBUG - response_closed.complete +2025-08-17 20:18:07,456 - INFO - LLM Response: After analyzing the system and network data, I have found a concerning anomaly. + +The system logs indicate a parsing error in multiple logs from the `systembridge` process, specifically "Fallback regex failed: not enough values to unpack (expected 5, got 4)" for each log entry. This suggests that there may be an issue with the logging configuration or a bug in the code processing these logs. The severity of this anomaly is medium as it indicates a potential issue with data collection and parsing, which could impact system monitoring and troubleshooting. + +Additionally, I would like to note that while the network metrics appear normal, it's essential to continue monitoring the system for any changes or updates that might reveal further issues. +2025-08-17 20:18:07,456 - INFO - Anomaly detected, sending alerts... +2025-08-17 20:18:07,457 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-17 20:18:07,664 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-17 20:18:07,665 - DEBUG - Webhook executed +2025-08-17 20:18:07,665 - INFO - Discord alert sent. +2025-08-17 20:18:07,666 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-17 20:18:07,673 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-17 20:18:07,673 - INFO - Google Home alert sent. +2025-08-17 20:18:07,674 - INFO - --- Cycle Complete, sleeping for 5 minutes --- +2025-08-17 20:23:07,674 - INFO - --- Running Monitoring Cycle --- +2025-08-17 20:23:07,680 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:38.789409-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.788961205Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - Unable to parse message: '2025-08-17T20:22:38.789409-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.788961205Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001' +2025-08-17 20:23:07,680 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:38.789409-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.788961205Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001 - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,680 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:38.789442-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.789006559Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-17T20:22:38.789442-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.789006559Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/' +2025-08-17 20:23:07,680 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:38.789442-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.789006559Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,680 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:38.799777-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.799702684Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - Unable to parse message: '2025-08-17T20:22:38.799777-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.799702684Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/' +2025-08-17 20:23:07,680 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:38.799777-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.799702684Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/ - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,680 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:38.802306-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802235475Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - Unable to parse message: '2025-08-17T20:22:38.802306-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802235475Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running' +2025-08-17 20:23:07,681 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:38.802306-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802235475Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,681 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:38.802393-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802282347Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - Unable to parse message: '2025-08-17T20:22:38.802393-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802282347Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again' +2025-08-17 20:23:07,681 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:38.802393-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802282347Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,681 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:42.153643-05:00 homelab systemd[1]: motd-news.service: Deactivated successfully. - Unable to parse message: '2025-08-17T20:22:42.153643-05:00 homelab systemd[1]: motd-news.service: Deactivated successfully.' +2025-08-17 20:23:07,681 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:42.153643-05:00 homelab systemd[1]: motd-news.service: Deactivated successfully. - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,681 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:42.153795-05:00 homelab systemd[1]: Finished motd-news.service - Message of the Day. - Unable to parse message: '2025-08-17T20:22:42.153795-05:00 homelab systemd[1]: Finished motd-news.service - Message of the Day.' +2025-08-17 20:23:07,681 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:42.153795-05:00 homelab systemd[1]: Finished motd-news.service - Message of the Day. - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,681 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:46.842670-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:46.842Z"} - Unable to parse message: '2025-08-17T20:22:46.842670-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:46.842Z"}' +2025-08-17 20:23:07,681 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:46.842670-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:46.842Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,681 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:22:56.848015-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:56.846Z"} - Unable to parse message: '2025-08-17T20:22:56.848015-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:56.846Z"}' +2025-08-17 20:23:07,681 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:22:56.848015-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:56.846Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,681 - DEBUG - RFC5424 parsing failed for: 2025-08-17T20:23:06.852047-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:23:06.851Z"} - Unable to parse message: '2025-08-17T20:23:06.852047-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:23:06.851Z"}' +2025-08-17 20:23:07,682 - WARNING - Fallback regex parsing failed for: 2025-08-17T20:23:06.852047-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:23:06.851Z"} - not enough values to unpack (expected 5, got 4) +2025-08-17 20:23:07,682 - INFO - System Logs: [{'raw_log': '2025-08-17T20:22:38.789409-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.788961205Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:38.789442-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.789006559Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:38.799777-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.799702684Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:38.802306-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802235475Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:38.802393-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802282347Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:42.153643-05:00 homelab systemd[1]: motd-news.service: Deactivated successfully.', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:42.153795-05:00 homelab systemd[1]: Finished motd-news.service - Message of the Day.', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:46.842670-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:46.842Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:22:56.848015-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:22:56.846Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}, {'raw_log': '2025-08-17T20:23:06.852047-05:00 homelab node[1831764]: info: Running polling check... {"timestamp":"2025-08-18T01:23:06.851Z"}', 'parsing_error': 'Fallback regex failed: not enough values to unpack (expected 5, got 4)'}] +2025-08-17 20:23:09,719 - DEBUG - Raw ping output: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=21.6 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=136 ms +64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=32.2 ms + +--- 8.8.8.8 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2003ms +rtt min/avg/max/mdev = 21.627/63.318/136.160/51.686 ms + +2025-08-17 20:23:09,719 - INFO - Network Metrics: {'packet_loss_percent': 0.0, 'round_trip_ms_min': 21.627, 'round_trip_ms_avg': 63.318, 'round_trip_ms_max': 136.16, 'raw_ping_output': 'PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=21.6 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=136 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=32.2 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 21.627/63.318/136.160/51.686 ms\n'} +2025-08-17 20:23:09,719 - INFO - Combined Data: { + "system_logs": [ + { + "raw_log": "2025-08-17T20:22:38.789409-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.788961205Z #033[36mDEBUG#033[0m (11) [systembridge::shared] Data path: /home/artanis/.local/share/timmo001", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:38.789442-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.789006559Z #033[32mINFO#033[0m (11) [systembridge::backend] Checking backend server: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:38.799777-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.799702684Z #033[36mDEBUG#033[0m (11) [reqwest::connect] starting new connection: http://127.0.0.1:9170/", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:38.802306-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802235475Z #033[32mINFO#033[0m (11) [systembridge::backend] Backend server is already running", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:38.802393-05:00 homelab systembridge[1156]: 2025-08-18T01:22:38.802282347Z #033[32mINFO#033[0m (11) [systembridge] Waiting for 60 seconds before checking the backend server again", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:42.153643-05:00 homelab systemd[1]: motd-news.service: Deactivated successfully.", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:42.153795-05:00 homelab systemd[1]: Finished motd-news.service - Message of the Day.", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:46.842670-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:22:46.842Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:22:56.848015-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:22:56.846Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + }, + { + "raw_log": "2025-08-17T20:23:06.852047-05:00 homelab node[1831764]: info: Running polling check... {\"timestamp\":\"2025-08-18T01:23:06.851Z\"}", + "parsing_error": "Fallback regex failed: not enough values to unpack (expected 5, got 4)" + } + ], + "network_metrics": { + "packet_loss_percent": 0.0, + "round_trip_ms_min": 21.627, + "round_trip_ms_avg": 63.318, + "round_trip_ms_max": 136.16, + "raw_ping_output": "PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=21.6 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=136 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=32.2 ms\n\n--- 8.8.8.8 ping statistics ---\n3 packets transmitted, 3 received, 0% packet loss, time 2003ms\nrtt min/avg/max/mdev = 21.627/63.318/136.160/51.686 ms\n" + } +} +2025-08-17 20:23:09,732 - DEBUG - connect_tcp.started host='192.168.2.114' port=11434 local_address=None timeout=None socket_options=None +2025-08-17 20:23:09,733 - DEBUG - connect_tcp.complete return_value= +2025-08-17 20:23:09,733 - DEBUG - send_request_headers.started request= +2025-08-17 20:23:09,733 - DEBUG - send_request_headers.complete +2025-08-17 20:23:09,733 - DEBUG - send_request_body.started request= +2025-08-17 20:23:09,733 - DEBUG - send_request_body.complete +2025-08-17 20:23:09,733 - DEBUG - receive_response_headers.started request= +2025-08-17 20:23:32,253 - DEBUG - receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Content-Type', b'application/json; charset=utf-8'), (b'Date', b'Mon, 18 Aug 2025 01:23:32 GMT'), (b'Transfer-Encoding', b'chunked')]) +2025-08-17 20:23:32,254 - INFO - HTTP Request: POST http://192.168.2.114:11434/api/generate "HTTP/1.1 200 OK" +2025-08-17 20:23:32,254 - DEBUG - receive_response_body.started request= +2025-08-17 20:23:32,254 - DEBUG - receive_response_body.complete +2025-08-17 20:23:32,254 - DEBUG - response_closed.started +2025-08-17 20:23:32,254 - DEBUG - response_closed.complete +2025-08-17 20:23:32,255 - INFO - LLM Response: After analyzing the system data, I have found no *concerning* anomalies that indicate potential security intrusions, loss of connections, or unexpected network additions. The provided logs seem to be related to normal system and network operations, with some minor parsing errors in the log processing. + +However, upon closer inspection, I did notice a few events that might be considered worthy of further investigation: + +- "Fallback regex failed: not enough values to unpack (expected 5, got 4)" appears multiple times throughout the logs. While these errors are likely due to normal system operations or configuration issues rather than malicious activity, they may warrant further inspection. + +Considering these findings, I do not have a reportable anomaly but suggest investigating the parsing errors for any underlying causes or corrections that could improve system stability and logging quality. +2025-08-17 20:23:32,255 - INFO - Anomaly detected, sending alerts... +2025-08-17 20:23:32,256 - DEBUG - Starting new HTTPS connection (1): discord.com:443 +2025-08-17 20:23:32,678 - DEBUG - https://discord.com:443 "POST /api/webhooks/1024892743987773471/3Oh1KOw9tevBd-XtUkj8Rz2K4SePCFsxKmRrHhQw5spDeZKNzoyYoq6zC2cnTKo8VjJn?wait=True HTTP/1.1" 200 None +2025-08-17 20:23:32,679 - DEBUG - Webhook executed +2025-08-17 20:23:32,679 - INFO - Discord alert sent. +2025-08-17 20:23:32,680 - DEBUG - Starting new HTTP connection (1): 192.168.2.112:8123 +2025-08-17 20:23:32,686 - DEBUG - http://192.168.2.112:8123 "POST /api/services/tts/speak HTTP/1.1" 200 10 +2025-08-17 20:23:32,687 - INFO - Google Home alert sent. +2025-08-17 20:23:32,687 - INFO - --- Cycle Complete, sleeping for 5 minutes --- diff --git a/monitor_agent.py b/monitor_agent.py index 8fb58f6..cbce444 100644 --- a/monitor_agent.py +++ b/monitor_agent.py @@ -1,184 +1,165 @@ -import json -import platform -import subprocess -import time -import logging -from syslog_rfc5424_parser import SyslogMessage -import jc -import ollama -from discord_webhook import DiscordWebhook, DiscordEmbed -import requests -import config +# LLM-Powered Monitoring Agent -# --- Logging Configuration --- -logging.basicConfig(level=logging.INFO, - format='%(asctime)s - %(levelname)s - %(message)s', - handlers=[ - logging.FileHandler("monitor_agent.log"), - logging.StreamHandler() - ]) +import time +import json +import subprocess +import ollama +from discord_webhook import DiscordWebhook +import requests +import data_storage + +# Load configuration +import config # --- Data Ingestion & Parsing Functions --- def get_system_logs(): - """ - Simulates collecting and parsing a system log entry. - - This function uses a mock syslog entry and parses it using the - syslog-rfc5424-parser library. - - Returns: - dict: A dictionary representing the parsed log entry. - """ - mock_log_entry = '<165>1 2025-08-15T12:00:00Z my-host app-name - - [meta sequenceId="1"] { "log": "Failed login attempt for user \'root\' from 10.0.0.1" }' + """Simulates collecting and parsing system logs.""" + # Mock log entry for demonstration + mock_log_entry = '{"timestamp": "2025-08-15T12:00:00Z", "log": "Failed login attempt for user \'root\' from 10.0.0.1"}' try: - parsed_log = SyslogMessage.parse(mock_log_entry) - if parsed_log.msg: - try: - log_content = json.loads(parsed_log.msg) - return log_content - except json.JSONDecodeError: - logging.warning(f"Could not parse log message as JSON: {parsed_log.msg}") - return {"log": parsed_log.msg} - except Exception as e: - logging.error(f"Error parsing syslog message: {e}") - return {} + parsed_log = json.loads(mock_log_entry) + return parsed_log + except json.JSONDecodeError as e: + print(f"Error parsing system log: {e}") + return None def get_network_metrics(): - """ - Simulates collecting and parsing network data by running the ping command. - - This function uses the `ping` command to generate network statistics - and the `jc` library to parse the output into a structured format. - - Returns: - dict: A dictionary containing the parsed network metrics. - """ - ping_param = '-n' if platform.system() == "Windows" else '-c' + """Simulates collecting and parsing network data.""" + # Mock ping output for demonstration + mock_ping_output = '''{"destination_ip":"8.8.8.8","data_bytes":56,"pattern":null,"destination":"8.8.8.8","duplicates":0,"packets_transmitted":3,"packets_received":3,"packet_loss_percent":0.0,"time_ms":2003.0,"round_trip_ms_min":18.79,"round_trip_ms_avg":21.212,"round_trip_ms_max":22.787,"round_trip_ms_stddev":1.738,"responses":[{"type":"reply","timestamp":null,"bytes":64,"response_ip":"8.8.8.8","icmp_seq":1,"ttl":111,"time_ms":18.8,"duplicate":false},{"type":"reply","timestamp":null,"bytes":64,"response_ip":"8.8.8.8","icmp_seq":2,"ttl":111,"time_ms":22.8,"duplicate":false},{"type":"reply","timestamp":null,"bytes":64,"response_ip":"8.8.8.8","icmp_seq":3,"ttl":111,"time_ms":22.1,"duplicate":false}]}''' try: - ping_output = subprocess.run(['ping', ping_param, '3', '8.8.8.8'], capture_output=True, text=True, check=True).stdout - parsed_metrics = jc.parse('ping', ping_output) - if parsed_metrics and isinstance(parsed_metrics, list): - return parsed_metrics[0] - else: - logging.warning("Could not parse ping output with jc. Returning raw output.") - return {"ping_output": ping_output} - except (subprocess.CalledProcessError, FileNotFoundError) as e: - logging.error(f"Error running ping command: {e}") - return {"error": str(e)} - return {} - + parsed_ping = json.loads(mock_ping_output) + if parsed_ping: + return { + "packets_transmitted": parsed_ping.get("packets_transmitted"), + "packets_received": parsed_ping.get("packets_received"), + "packet_loss_percent": parsed_ping.get("packet_loss_percent"), + "round_trip_ms_avg": parsed_ping.get("round_trip_ms_avg"), + } + return None + except json.JSONDecodeError as e: + print(f"Error parsing network metrics: {e}") + return None # --- LLM Interaction Function --- -def analyze_data_with_llm(data): +def analyze_data_with_llm(data, baselines): + """Analyzes data with the local LLM.""" + prompt = f""" + **Role:** You are a dedicated and expert system administrator. Your primary role is to identify anomalies and provide concise, actionable reports. + + **Instruction:** Analyze the following system and network data for any activity that appears out of place or different. Consider unusual values, errors, or unexpected patterns as anomalies. Compare the current data with the historical baseline data to identify significant deviations. + + **Context:** + Here is the system data in JSON format for your analysis: {json.dumps(data, indent=2)} + + **Historical Baseline Data:** + {json.dumps(baselines, indent=2)} + + **Output Request:** If you find an anomaly, provide a report as a single, coherent, natural language paragraph. The report must clearly state the anomaly, its potential cause, and its severity (e.g., high, medium, low). If no anomaly is found, respond with "OK". + + **Reasoning Hint:** Think step by step to come to your conclusion. This is very important. """ - Analyzes the given data with a local LLM to detect anomalies. - - Args: - data (dict): The structured data to analyze. - - Returns: - str: The raw response text from the LLM. - """ - structured_data_as_string = json.dumps(data, indent=2) - prompt = f"""Role: You are a dedicated and expert system administrator. Your primary role is to identify anomalies and provide concise, actionable reports. -Instruction: Analyze the following system and network data for any activity that appears out of place or different. Consider unusual values, errors, or unexpected patterns as anomalies. -Context: Here is the system data in JSON format for your analysis: {structured_data_as_string} -Output Request: If you find an anomaly, provide a report as a single, coherent, natural language paragraph. The report must clearly state the anomaly, its potential cause, and its severity (e.g., high, medium, low). If no anomaly is found, respond with \"OK\". -Reasoning Hint: Think step by step to come to your conclusion. This is very important.""" - try: - client = ollama.Client(host=config.OLLAMA_HOST) - response = client.generate( - model="llama3.1:8b", - prompt=prompt - ) + response = ollama.generate(model="llama3.1:8b", prompt=prompt) return response['response'].strip() except Exception as e: - logging.error(f"Error communicating with Ollama: {e}") - return f"Error communicating with Ollama: {e}" + print(f"Error interacting with LLM: {e}") + return None + # --- Alerting Functions --- def send_discord_alert(message): - """ - Sends an alert message to a Discord webhook. - - Args: - message (str): The message to send. - """ - if config.DISCORD_WEBHOOK_URL == "YOUR_DISCORD_WEBHOOK_URL_HERE": - logging.info("Skipping Discord alert: Webhook URL not configured.") - return - - webhook = DiscordWebhook(url=config.DISCORD_WEBHOOK_URL) - embed = DiscordEmbed(title="Anomaly Detected!", description=message, color='FF0000') - webhook.add_embed(embed) + """Sends an alert to Discord.""" + webhook = DiscordWebhook(url=config.DISCORD_WEBHOOK_URL, content=message) try: response = webhook.execute() - logging.info("Discord alert sent.") + if response.status_code == 200: + print("Discord alert sent successfully.") + else: + print(f"Error sending Discord alert: {response.status_code} - {response.content}") except Exception as e: - logging.error(f"Error sending Discord alert: {e}") + print(f"Error sending Discord alert: {e}") def send_google_home_alert(message): - """ - Sends an alert message to a Google Home speaker via Home Assistant. - - Args: - message (str): The message to be spoken. - """ - if config.HOME_ASSISTANT_URL == "http://YOUR_HOME_ASSISTANT_IP:8123": - logging.info("Skipping Google Home alert: Home Assistant URL not configured.") - return + """Sends an alert to a Google Home speaker via Home Assistant.""" + # Simplify the message for better TTS delivery + simplified_message = message.split('.')[0] # Take the first sentence url = f"{config.HOME_ASSISTANT_URL}/api/services/tts/speak" headers = { "Authorization": f"Bearer {config.HOME_ASSISTANT_TOKEN}", "Content-Type": "application/json", } - payload = { + data = { "entity_id": "tts.google_en_com", "media_player_entity_id": config.GOOGLE_HOME_SPEAKER_ID, - "message": message, + "message": simplified_message, } - try: - response = requests.post(url, headers=headers, json=payload) - response.raise_for_status() - logging.info("Google Home alert sent.") - except requests.exceptions.RequestException as e: - logging.error(f"Error sending Google Home alert: {e}") + response = requests.post(url, headers=headers, json=data) + if response.status_code == 200: + print("Google Home alert sent successfully.") + else: + print(f"Error sending Google Home alert: {response.status_code} - {response.text}") + except Exception as e: + print(f"Error sending Google Home alert: {e}") # --- Main Script Logic --- -def main(): - """ - The main execution loop for the monitoring agent. - """ - while True: - logging.info("--- Running Monitoring Cycle ---") - system_logs = get_system_logs() - logging.info(f"System Logs: {system_logs}") - network_metrics = get_network_metrics() - logging.info(f"Network Metrics: {network_metrics}") - - combined_data = { - "system_logs": system_logs, - "network_metrics": network_metrics - } - logging.info(f"Combined Data: {json.dumps(combined_data, indent=2)}") - - llm_response = analyze_data_with_llm(combined_data) - logging.info(f"LLM Response: {llm_response}") - - if llm_response != "OK": - logging.info("Anomaly detected, sending alerts...") - send_discord_alert(llm_response) - send_google_home_alert(llm_response) - - logging.info("--- Cycle Complete, sleeping for 5 minutes ---") - time.sleep(300) # 300 seconds = 5 minutes +daily_events = [] if __name__ == "__main__": - main() \ No newline at end of file + if config.TEST_MODE: + print("Running in test mode...") + system_logs = get_system_logs() + network_metrics = get_network_metrics() + + if system_logs and network_metrics: + combined_data = { + "system_logs": system_logs, + "network_metrics": network_metrics + } + data_storage.store_data(combined_data) + + llm_response = analyze_data_with_llm(combined_data, data_storage.calculate_baselines()) + + if llm_response and llm_response != "OK": + print(f"Anomaly detected: {llm_response}") + if "high" in llm_response.lower(): + send_discord_alert(llm_response) + send_google_home_alert(llm_response) + else: + print("No anomaly detected.") + else: + while True: + print("Running monitoring cycle...") + system_logs = get_system_logs() + network_metrics = get_network_metrics() + + if system_logs and network_metrics: + combined_data = { + "system_logs": system_logs, + "network_metrics": network_metrics + } + + llm_response = analyze_data_with_llm(combined_data, data_storage.calculate_baselines()) + + if llm_response and llm_response != "OK": + daily_events.append(llm_response) + if "high" in llm_response.lower(): + send_discord_alert(llm_response) + send_google_home_alert(llm_response) + + # Daily Recap Logic + current_time = time.strftime("%H:%M") + if current_time == config.DAILY_RECAP_TIME and daily_events: + recap_message = "\n".join(daily_events) + send_discord_alert(f"**Daily Recap:**\n{recap_message}") + daily_events = [] # Reset for the next day + + time.sleep(300) # Run every 5 minutes + + diff --git a/requirements.txt b/requirements.txt index c7d8447..6e5dbea 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,4 +3,4 @@ discord-webhook requests syslog-rfc5424-parser apachelogs -jc +jc \ No newline at end of file