# Web Log Security Monitor

Analyzes Traefik access logs using a local LLM (llama.cpp) and sends alerts via Gotify when suspicious activity is detected.

## Docker Setup (Recommended)

Run alongside Traefik on barge.lan:

1. Copy the project to barge:
   ```bash
   scp -r . barge.lan:/mnt/docker/web-log-monitor/
   ```

2. Create config from Docker template:
   ```bash
   ssh barge.lan
   cd /mnt/docker/web-log-monitor
   cp config.docker.py config.py
   nano config.py  # Add your GOTIFY_TOKEN
   ```

3. Start the container:
   ```bash
   docker compose up -d
   ```

4. View logs:
   ```bash
   docker logs -f web-log-monitor
   ```

## Standalone Setup

For running on athena.lan (via SSH to barge):

1. Copy the config file and add your Gotify token:
   ```bash
   cp config.example.py config.py
   nano config.py  # Add your GOTIFY_TOKEN
   ```

2. Test manually:
   ```bash
   python3 web-log-monitor.py --verbose --dry-run
   ```

3. Add to cron (hourly):
   ```bash
   crontab -e
   # Add: 0 * * * * cd /path/to/web-log-monitor && python3 web-log-monitor.py
   ```

## Configuration

Edit `config.py`:

| Setting | Description |
|---------|-------------|
| `LLAMA_URL` | llama.cpp server endpoint |
| `MODEL` | Model name to use |
| `GOTIFY_URL` | Gotify server URL |
| `GOTIFY_TOKEN` | Gotify app token |
| `LOG_MODE` | `"local"` or `"ssh"` |
| `LOG_PATH` | Path to access.log |
| `BARGE_HOST` | SSH host (only for ssh mode) |
| `STATE_DIR` | Directory for state file |
| `BATCH_SIZE` | Lines per LLM call |
| `MAX_LINES_PER_RUN` | Max lines per execution |

## Command Line Options

```
python3 web-log-monitor.py [OPTIONS]

  -v, --verbose    Show detailed log statistics
  --dry-run        Analyze without sending alerts or updating state
```

## How It Works

1. Reads new logs (local file or via SSH)
2. Checks for obvious attack patterns (immediate alerts)
3. Filters noise (health checks, static assets)
4. Sends remaining logs to LLM for analysis
5. Consolidates findings and alerts via Gotify

## Files

```
├── Dockerfile
├── docker-compose.yml
├── config.py              # Your config (gitignored)
├── config.example.py      # Template for standalone
├── config.docker.py       # Template for Docker
├── requirements.txt
├── web-log-monitor.py
└── systemd/               # Optional systemd units
```
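
Steps 2 and 3 of "How It Works" (signature check, then noise filter, then batching for the LLM), shown as an added Python example that is not taken from the project's `web-log-monitor.py`. The `triage` function, the signature and noise patterns, and the sample log lines are assumptions constructed for illustration; `batch_size` stands in for `BATCH_SIZE`.

```python
import re
# Traefik's default access log is Common Log Format plus extra fields.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumed signatures for "obvious" attacks; the project's real rules are not shown.
OBVIOUS = {
    "path traversal": re.compile(r"\.\./|%2e%2e", re.I),
    "sensitive file probe": re.compile(r"/\.(env|git)\b", re.I),
    "sql injection": re.compile(r"union(\s|\+|%20)+select", re.I),
}
# Assumed noise: health endpoints and static assets.
NOISE = re.compile(r"^/(health|ping)$|\.(css|js|png|jpg|ico|woff2?)(\?|$)", re.I)

def triage(lines, batch_size=2):  # returns (alerts, llm_batches, skipped_noise)
    alerts, rest, skipped = [], [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            rest.append(line)  # unparsable: keep for analysis, never drop silently
            continue
        path = m["path"]
        # Signatures run before the noise filter, so "/img/../../x.png" is not
        # discarded as a static asset.
        hit = next((n for n, rx in OBVIOUS.items() if rx.search(path)), None)
        if hit:
            alerts.append((m["ip"], hit, path))
        elif NOISE.search(path) and m["status"][0] in "23":
            skipped += 1  # only 2xx/3xx noise is dropped; failed asset hits stay
        else:
            rest.append(line)
    batches = [rest[i:i + batch_size] for i in range(0, len(rest), batch_size)]
    return alerts, batches, skipped

def _line(ip, request, status):  # one constructed log line (sample data)
    return (f'{ip} - - [10/Jan/2025:10:00:00 +0000] "{request} HTTP/1.1" {status} 12 '
            f'"-" "curl/8" 1 "web@docker" "http://172.18.0.5:80" 2ms')

SAMPLE = [
    _line("192.0.2.10", "GET /ping", 200),
    _line("198.51.100.7", "GET /img/../../../etc/passwd.png", 400),
    _line("198.51.100.7", "GET /.env", 404),
    _line("203.0.113.5", "GET /assets/app.js?v=3", 200),
    _line("203.0.113.5", "POST /api/login", 401),
    _line("203.0.113.5", "GET /search?q=1+UNION+SELECT+password", 200),
    _line("203.0.113.9", "GET /dashboard", 200),
    "malformed entry",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running the noise filter first would silently drop the second sample line because it ends in `.png`; checking signatures first keeps it as an alert.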