Initial commit: custom OpenClaw skills from docker-test
- workspace: capmetro-monitor, github-notifications, model-selector - workspace-security: vt-monitor, monitor-unauthorized - workspace-home: cron-manager, monitor-unauthorized - extensions: vt-sentinel (VT-Sentinel plugin) Includes sync.sh for pull/push, README, AGENTS.md, .gitignore.
76
workspace-security/monitor-unauthorized/scripts/log-splitter.sh
Executable file
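--- a/workspace-security/monitor-unauthorized/scripts/log-splitter.sh
+++ b/workspace-security/monitor-unauthorized/scripts/log-splitter.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+# Log splitter for monitor-unauthorized
+# Extracts unauthorized WebSocket connection entries from the gateway log
+# into a dedicated log file for efficient incremental processing.
+#
+# Usage:
+# bash log-splitter.sh — extract recent entries (batch mode)
+# bash log-splitter.sh --full — re-extract from entire log (rebuild)
+#
+# Filters for log lines containing:
+# - "forwardedFor" AND ("unauthorized" OR "pairing-required")
+#
+# Output: /tmp/openclaw/unauthorized-connections.log
+# Each line is a valid JSON object extracted from the gateway log.
+
+set -e
+
+GATEWAY_LOG="/tmp/openclaw/openclaw.log"
+UNAUTH_LOG="/tmp/openclaw/unauthorized-connections.log"
+STATE_DIR="/home/node/.openclaw/workspace-security/memory"
+OFFSET_FILE="$STATE_DIR/unauth-splitter-offset"
+
+mkdir -p "$STATE_DIR"
+touch "$UNAUTH_LOG"
+
+FULL_MODE=false
+[ "${1:-}" = "--full" ] && FULL_MODE=true
+
+if [ ! -f "$GATEWAY_LOG" ]; then
+echo '{"error":"Gateway log not found","log":"'"$GATEWAY_LOG"'"}' >&2
+exit 1
+fi
+
+FILE_SIZE=$(stat -c%s "$GATEWAY_LOG")
+
+# Determine where to start reading
+LAST_OFFSET=0
+if [ -f "$OFFSET_FILE" ] && [ "$FULL_MODE" != "true" ]; then
+LAST_OFFSET=$(cat "$OFFSET_FILE")
+fi
+
+# If file shrank (log rotation), reset
+if [ "$LAST_OFFSET" -gt "$FILE_SIZE" ]; then
+LAST_OFFSET=0
+fi
+
+BYTES_NEW=$((FILE_SIZE - LAST_OFFSET))
+
+if [ "$BYTES_NEW" -le 0 ]; then
+echo "$FILE_SIZE" > "$OFFSET_FILE"
+echo '{"new_lines":0,"total_lines":'$(wc -l < "$UNAUTH_LOG" | tr -d ' ')'}'
+exit 0
+fi
+
+# Extract unauthorized connection lines from new bytes
+# Filter: must have forwardedFor AND be unauthorized/pairing-required
+NEW_LINES=0
+TMPFILE=$(mktemp)
+trap "rm -f $TMPFILE" EXIT
+
+tail -c +"$((LAST_OFFSET + 1))" "$GATEWAY_LOG" \
+| grep '"forwardedFor"' \
+| grep -E '"unauthorized"|"pairing-required"' \
+> "$TMPFILE" 2>/dev/null || true
+
+NEW_LINES=$(wc -l < "$TMPFILE" | tr -d ' ')
+
+if [ "$NEW_LINES" -gt 0 ]; then
+cat "$TMPFILE" >> "$UNAUTH_LOG"
+fi
+
+# Save new offset
+echo "$FILE_SIZE" > "$OFFSET_FILE"
+
+TOTAL_LINES=$(wc -l < "$UNAUTH_LOG" | tr -d ' ')
+echo "{\"new_lines\":$NEW_LINES,\"total_lines\":$TOTAL_LINES}"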
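Review bot: The offset handling can duplicate entries and trusts its state file, which matters for a script whose output is the record of unauthorized connections. `FILE_SIZE` is taken by `stat` before `tail` runs, but `tail -c +N` reads to end of file, so anything the gateway appends in between is extracted now and again on the next run; `BYTES_NEW` is only used for the empty check, never to bound the read. The value read from `$OFFSET_FILE` also goes into `[ -gt ]` and `$(( ))` unvalidated, so an empty or corrupted state file yields a test error or has its contents evaluated as an arithmetic expression instead of resetting cleanly to 0. Bounding the read with `head -c "$BYTES_NEW"` and rejecting a non-numeric offset, as sketched below, covers both; separately, `2>/dev/null || true` hides a failing `tail` while the offset is still advanced past the unread bytes.

```shell
  LAST_OFFSET=$(cat "$OFFSET_FILE")
  # A state file that is empty or not a plain decimal number resets to 0.
  case "$LAST_OFFSET" in
    '' | *[!0-9]*) LAST_OFFSET=0 ;;
  esac
# … unchanged: fi, shrink check, BYTES_NEW, early exit, mktemp and trap …
tail -c +"$((LAST_OFFSET + 1))" "$GATEWAY_LOG" \
  | head -c "$BYTES_NEW" \
# … unchanged: the two grep stages and the redirect to "$TMPFILE" …
```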