|
|
@@ -7,10 +7,11 @@ A fail-safe webserver that provides secure access to decryption key parts with m
|
|
|
- **Fail-safe design**: All operations require successful notification delivery
|
|
|
- **Dual endpoint system**: Emergency key access and health monitoring
|
|
|
- **dschep/ntfy integration**: Real-time notifications via multiple backends (Pushover, Pushbullet, Slack, etc.)
|
|
|
+- **Real-time log monitoring**: All application logs automatically sent to notification backends
|
|
|
- **Configurable security**: Random endpoint paths and file locations
|
|
|
- **Caddy reverse proxy ready**: Runs on localhost for secure proxy setup
|
|
|
- **Systemd integration**: Automatic startup and service management
|
|
|
-- **Comprehensive logging**: Detailed audit trail of all operations
|
|
|
+- **Comprehensive logging**: Detailed audit trail of all operations with live notifications
|
|
|
|
|
|
## Architecture
|
|
|
|
|
|
@@ -26,6 +27,8 @@ The system consists of two main endpoints:
|
|
|
- Sends health status to monitoring backends
|
|
|
- Used for regular system verification
|
|
|
|
|
|
+**Log Monitoring**: All application logs (WARNING level and above by default) are automatically sent to the health backends for real-time monitoring and alerting.
|
|
|
+
|
|
|
The server runs on localhost:1127 by default and is designed to be accessed through a Caddy reverse proxy for security and TLS termination.
|
|
|
|
|
|
## Installation
|
|
|
@@ -106,9 +109,11 @@ Edit `/etc/emergency-access/config.json`:
|
|
|
},
|
|
|
"notifications": {
|
|
|
"key_backends": ["matrix_sec", "pushover_emergency"],
|
|
|
- "health_backends": ["matrix_sec"],
|
|
|
+ "health_backends": ["matrix_health"],
|
|
|
"key_message": "🚨 EMERGENCY: Decryption key accessed from server",
|
|
|
- "health_message": "✅ Emergency access server health check completed"
|
|
|
+ "health_message": "✅ Emergency access server health check completed",
|
|
|
+ "log_level": "WARNING",
|
|
|
+ "send_all_logs": true
|
|
|
}
|
|
|
}
|
|
|
```
|
|
|
@@ -129,9 +134,11 @@ Edit `/etc/emergency-access/config.json`:
|
|
|
|
|
|
#### Notification Settings
|
|
|
- `key_backends`: List of backend names from your global ntfy config for key access alerts
|
|
|
-- `health_backends`: List of backend names from your global ntfy config for health check notifications
|
|
|
+- `health_backends`: List of backend names from your global ntfy config for health check notifications and all application logs
|
|
|
- `key_message`: Message sent when key is accessed
|
|
|
- `health_message`: Message sent for health checks
|
|
|
+- `log_level`: Minimum log level to send to health backends ("INFO", "WARNING", "ERROR")
|
|
|
+- `send_all_logs`: Whether to send application logs to health backends (true/false)
|
|
|
|
|
|
#### Backend Name Examples
|
|
|
- `matrix_sec`: Matrix backend for security alerts
|
|
|
@@ -344,6 +351,7 @@ The service binds only to localhost (127.0.0.1:1127) and is accessed through you
|
|
|
- Configure notification backends (Pushover, Pushbullet, etc.)
|
|
|
- Set up monitoring of notification delivery in your backends
|
|
|
- Monitor log files for errors
|
|
|
+ - All application logs are automatically sent to health backends for real-time monitoring
|
|
|
|
|
|
## Troubleshooting
|
|
|
|
zehe