@77io/nginx-logs-watcher Chinese documentation tutorial
nginx-logs-watcher
This utility service monitors the nginx access.log file and looks for suspicious patterns and behaviors.
You can install nginx-logs-watcher globally by running the following command.
$ npm install -g @77io/nginx-logs-watcher
Setup
Be sure to set the following environment variables to configure the service correctly.
NODE_DEBUG (boolean): Set to true to run the service in debug mode.
LOG_FILE (string): Absolute path to the log file you want to monitor. /var/log/nginx/access.log is the default nginx access log file path.
DEBOUNCE_SECONDS (number, default 60): The number of seconds to wait between log file changes before searching for patterns. Keeping this value too low may cause performance issues. (I typically run this at 300.)
SLACK_TOKEN (string): This service uses Slack to notify admins of suspicious activity. The token can be obtained by creating a private app in Slack. Learn about building private apps here.
SLACK_CHANNEL (string): The Slack channel ID to post the message to.
SERVER_NAME (string): Friendly string to identify the server. This will be shared along with the suspicious activity.
DETECTOR_SENSITIVITY (number, default 20): This determines the sensitivity of the detection process. The number itself is arbitrary, but smaller numbers will pick up smaller patterns, while larger numbers will need larger patterns before a problem is emitted.
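To make the DETECTOR_SENSITIVITY and SERVER_NAME settings concrete, here is an added example that is not code from the nginx-logs-watcher package: it parses a few constructed access.log lines, counts 4xx responses per client IP, and reports any IP whose count reaches the sensitivity threshold. The 4xx-per-IP rule and the parseLine, detect and formatAlert functions are assumptions for illustration; the package's real detector is not described on this page.

```javascript
// Added illustration only: the real @77io/nginx-logs-watcher detector is not shown
// on this page, so the rule below (4xx responses per client IP) is an assumption.
const LOG_LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)/;

// Parse one nginx combined-format access log line; returns null for unparseable lines.
function parseLine(line) {
  const m = LOG_LINE_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Count 4xx responses per client IP and report every IP at or above `sensitivity`.
// A smaller sensitivity flags smaller patterns; a larger one needs more hits.
function detect(lines, sensitivity) {
  const errorsByIp = new Map();
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry || entry.status < 400 || entry.status > 499) continue;
    errorsByIp.set(entry.ip, (errorsByIp.get(entry.ip) || 0) + 1);
  }
  return [...errorsByIp]
    .filter(([, count]) => count >= sensitivity)
    .map(([ip, count]) => ({ ip, count }));
}

// Build the message text that would be posted to SLACK_CHANNEL, tagged with SERVER_NAME
// (the message shape is assumed, not the package's own format).
function formatAlert(serverName, findings) {
  return findings.map((f) => `[${serverName}] ${f.ip} produced ${f.count} 4xx responses`);
}

// Constructed sample log lines, not real traffic.
const SAMPLE_LINES = [
  '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /does-not-exist HTTP/1.1" 404 153 "-" "curl/7.88"',
  '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /old/backup HTTP/1.1" 404 153 "-" "curl/7.88"',
  '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 403 153 "-" "curl/7.88"',
  '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
  'this line is deliberately not in nginx log format',
];

// With DETECTOR_SENSITIVITY=3 the noisy host is reported; with 4 it is not.
console.log(formatAlert('DevelopmentServer', detect(SAMPLE_LINES, 3)));
```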
Example .env file
NODE_DEBUG=false
LOG_FILE=/var/log/nginx/access.log
DEBOUNCE_SECONDS=300
SLACK_TOKEN=xoxb-YOUR-TOKEN-HERE
SERVER_NAME=DevelopmentServers
SLACK_CHANNEL=CHANNELID
DETECTOR_SENSITIVITY=20
Running with systemd
Here is an example service file that will restart the log watcher on failure. It also sets the environment variables. This example assumes a typical NodeJS installation with nginx-logs-watcher installed globally.
[Unit]
Description=NginxLogsWatcher
[Service]
# Path to the globally installed package; adjust it to match your Node prefix
ExecStart=/usr/bin/node /opt/nodejs/lib/node_modules/@77io/nginx-logs-watcher/bin/index.js
Restart=on-failure
# All settings are passed as environment variables (space-separated KEY=VALUE pairs)
Environment=NODE_DEBUG=false LOG_FILE=/var/log/nginx/access.log DEBOUNCE_SECONDS=100 SLACK_TOKEN=xoxb-YOUR-TOKEN-HERE SLACK_CHANNEL=SLACKCHANNELID SERVER_NAME=DevelopmentServer DETECTOR_SENSITIVITY=20
[Install]
WantedBy=multi-user.target