• If you manage more than one or two home Linux servers, you already know the routine. Every morning, logwatch wakes up, collects a pile of system data, and drops a flat text file into your inbox. If you have three, four, or five machines running, checking those logs turns into an absolute chore. Half the time you just scan the headers, notice nothing looks on fire, and close the window.

    That’s bad security hygiene. But let’s be honest—reading regular operational noise day in and day out is mind-numbing.

    So I started thinking. The future happened while we weren’t looking, and now we have incredibly capable local Large Language Models (LLMs) that can run completely offline right on our own hardware. Could I offload the boring task of daily log parsing to an AI running on my home Intel NUC server? Could it act like a virtual, around-the-clock Ubuntu System Administrator, reading the noise and only buzzing my phone when an actual infrastructure anomaly hits?

    Yes, yes it can. Partnering with Google AI, which did all the heavy lifting for the coding, I mapped out a complete multi-server extraction framework.

    The best part? It costs zero dollars in subscription APIs, and not a single line of my server log data ever leaves my local network. Here is how I made that happen.

    The Architectural Philosophy: Why Pull vs. Push?

    When designing a multi-node tracking setup, you have two real choices for collecting files: you can have your remote servers push their data to your central node, or have your central node pull the data from them.

    I explicitly chose a Single-Pass Pull Architecture.

    If a remote server gets compromised, the very first thing an attacker does is look for API tokens or SSH keys to pivot across your network. By implementing a pull architecture, my remote nodes remain completely passive. They do not hold any connection keys or write permissions to my central NUC. The central monitoring node initiates a hardened outbound connection, pulls the data into an isolated staging queue, processes it, and clears the remote space. If a sub-node drops offline or suffers a breach, the rest of the infrastructure remains entirely safe.

    (more…)
  • I built a thing using google AI mode. In a couple sessions. Then I asked it to recap the sessions. For your reading pleasure here is what it said.

    Pages: 1 2

  • Or more accurately, how I used Google AI mode to do it. Then after iterating a few times, changing the approach, and debugging it, I had it generate this generic version, and this blog post, including everything after this intro block. Honestly, it would have taken me more than a day to do this. Using Google AI mode and some iterations it was done in a few hours. It all started with this question: “is it possible to use AI tools to review raw logwatch logs and filter them, opting to only be notified if something actually required manual human attention.” It was really interesting to iterate over various approaches. Pretty cool. Anyway, over to you, AI…

    Edit: There were some bugs – permissions on the local logwatch files didn’t work (UMask didn’t do it) and in the end I needed to edit the cron.daily 00logwatch to both not send email, and chown the result file to the user pulling the files. And there is a bug in parse_logs.py line 98, in
    base_name = os.path.splitext(filename).upper()
    needs to be
    base_name = os.path.splitext(filename)[0].upper()

    Also looks like the server name for flagged errors isn’t getting into the email, and it’s flagging non-errors (ssh attempts for unallowed users, successful ssh for allowed users) as actionable log messages. More revisions needed! I’ll talk to the AI later. This is going to show up in the annual performace review!

    Edit 2: Many iterations later, I have a much cleaner version that works consistently and has lots of error checking. Now, if only I could get it to generate a clean blog post.

    Pages: 1 2

  • The Flint2 aka GL-MT6000 router is my new router of choice…running OpenWRT based firmware, it is customizable, not locked down, not idiot proof. Thats great if you want, or need the ability to set up your home network the way you want. That’s me. Anyway, cool. I got one, configured it, everything works as expected. So, next obvious question – what can I do with this Linux machine? Can I monitor anything? Can I integrate it into my existing Munin based monitoring running on my home Linux server?
    Yes, yes I can. This post describes how to make that happen.

    Pages: 1 2

  • I have a couple Blink cameras and a sync 2 module. I don’t pay for the cloud storage, instead the videos are saved to the storage card on the sync module. That’s great except WOW is it painfully slow to view and managed those videos via the blink app.

    Pages: 1 2