- Python 100%
| .gitignore | ||
| LICENSE | ||
| logangler.py | ||
| logangler.service | ||
| README.md | ||
LogAngler
LogAngler is a Python script that fishes out events from systemd journals (logs) and sends Discord messages on behalf of a bot.
Installation
Copy the python script to a convenient location:
sudo cp logangler.py /usr/local/bin/logangler.py
Copy the example systemd service file:
Note: the example service file runs logangler as a user named serverbot.
You will need to create this user or change the user in the service file.
The user will need to be able to read the systemd journals, which is easily
accomplished by adding them to the systemd-journal group.
sudo cp logangler.service /etc/systemd/system/
Create a configuration file:
sudo nano /etc/logangler.json
This should have the following structure:
{
"journals": [
{
"name": "Fail2Ban",
"unit": "fail2ban.service",
"events": [
{ "name": "Banned", "pattern": "^.*NOTICE\\s+\\[(?P<Rule>\\S+)\\] Ban (?P<IP>\\S+)$", "color": 13056570},
{ "name": "Ban Expired", "pattern": "^.*NOTICE\\s+\\[(?P<Rule>\\S+)\\] Unban (?P<IP>\\S+)$", "color": 8243079 }
]
}
],
"token": "xxxxxxx",
"channel": "nnnnnnnnnnnn"
}
journals is a list of journals to monitor. name is the name that will be
reported in discord, unit is the systemd unit to monitor.
events define what events to monitor for. Each event has a name that id
displayed in Discord, a RegEx pattern that defines when the event occurs in
the log, and an optional color to show in the embed in Discord.
token is the bot token to authenticate with.
channel is the Discord channel ID to post messages to.
Once the above is complete, reload systemd and start the service:
sudo systemctl daemon-reload
sudo systemctl start logangler