Only log high/critical findings to abuse log for fail2ban

Previously all LLM-flagged findings were written to the abuse log,
causing fail2ban to potentially ban IPs for low-severity activity.
Now only high and critical severity findings trigger abuse logging.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 21:07:59 -05:00
parent b13e69a44f
commit 1a06eeb601

@@ -619,7 +619,8 @@ def process_batch(logs, args):
)
except Exception as e:
print(f" Failed to record LLM finding to DB: {e}")
log_abuse(ip, f.get("type", "unknown"))
if f.get("severity") in ("high", "critical"):
log_abuse(ip, f.get("type", "unknown"))
all_findings.extend(findings)
print(f" LLM found suspicious activity: {result.get('summary')}")
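Review bot: the new guard `if f.get("severity") in ("high", "critical"):` is an exact, case-sensitive string comparison on a field that comes from the LLM-produced finding, so a finding tagged "High", "CRITICAL", or with surrounding whitespace would be silently excluded from the abuse log and never reach fail2ban; normalize before the membership test, e.g. `severity = str(f.get("severity", "")).strip().lower()` and then `if severity in ("high", "critical"):`. Since `process_batch(logs, args)` already receives `args`, the severity threshold could also be taken from there (or a named module constant) instead of being hardcoded inline, which would make the fail2ban trigger level tunable and give it a place to be documented.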