remote logging

README.md

@@ -7,10 +7,11 @@ A fail-safe webserver that provides secure access to decryption key parts with m
 - **Fail-safe design**: All operations require successful notification delivery
 - **Dual endpoint system**: Emergency key access and health monitoring
 - **dschep/ntfy integration**: Real-time notifications via multiple backends (Pushover, Pushbullet, Slack, etc.)
+- **Real-time log monitoring**: All application logs automatically sent to notification backends
 - **Configurable security**: Random endpoint paths and file locations
 - **Caddy reverse proxy ready**: Runs on localhost for secure proxy setup
 - **Systemd integration**: Automatic startup and service management
-- **Comprehensive logging**: Detailed audit trail of all operations
+- **Comprehensive logging**: Detailed audit trail of all operations with live notifications
 
 ## Architecture
 
@@ -26,6 +27,8 @@ The system consists of two main endpoints:
    - Sends health status to monitoring backends
    - Used for regular system verification
 
+**Log Monitoring**: All application logs (WARNING level and above by default) are automatically sent to the health backends for real-time monitoring and alerting.
+
 The server runs on localhost:1127 by default and is designed to be accessed through a Caddy reverse proxy for security and TLS termination.
 
 ## Installation
@@ -106,9 +109,11 @@ Edit `/etc/emergency-access/config.json`:
   },
   "notifications": {
     "key_backends": ["matrix_sec", "pushover_emergency"],
-    "health_backends": ["matrix_sec"],
+    "health_backends": ["matrix_health"],
     "key_message": "🚨 EMERGENCY: Decryption key accessed from server",
-    "health_message": "✅ Emergency access server health check completed"
+    "health_message": "✅ Emergency access server health check completed",
+    "log_level": "WARNING",
+    "send_all_logs": true
   }
 }
 ```
@@ -129,9 +134,11 @@ Edit `/etc/emergency-access/config.json`:
 
 #### Notification Settings
 - `key_backends`: List of backend names from your global ntfy config for key access alerts
-- `health_backends`: List of backend names from your global ntfy config for health check notifications
+- `health_backends`: List of backend names from your global ntfy config for health check notifications and all application logs
 - `key_message`: Message sent when key is accessed
 - `health_message`: Message sent for health checks
+- `log_level`: Minimum log level to send to health backends ("INFO", "WARNING", "ERROR")
+- `send_all_logs`: Whether to send application logs to health backends (true/false)
 
 #### Backend Name Examples
 - `matrix_sec`: Matrix backend for security alerts
@@ -344,6 +351,7 @@ The service binds only to localhost (127.0.0.1:1127) and is accessed through you
    - Configure notification backends (Pushover, Pushbullet, etc.)
    - Set up monitoring of notification delivery in your backends
    - Monitor log files for errors
+   - All application logs are automatically sent to health backends for real-time monitoring
 
 ## Troubleshooting
 

config-production.json

@@ -15,6 +15,8 @@
     "key_backends": ["matrix_sec"],
     "health_backends": ["matrix_ntf"],
     "key_message": "🚨 CRITICAL ALERT: Emergency decryption key accessed in PRODUCTION environment",
-    "health_message": "✅ Emergency access system health check - all systems operational"
+    "health_message": "✅ Emergency access system health check - all systems operational",
+    "log_level": "WARNING",
+    "send_all_logs": true
   }
 }

config.json

@@ -15,6 +15,8 @@
     "key_backends": ["matrix_sec", "pushover_emergency"],
     "health_backends": ["matrix_health"],
     "key_message": "🚨 EMERGENCY: Decryption key accessed from server",
-    "health_message": "✅ Emergency access server health check completed"
+    "health_message": "✅ Emergency access server health check completed",
+    "log_level": "WARNING",
+    "send_all_logs": true
   }
 }

config.py

@@ -68,6 +68,14 @@ class Config:
             raise Exception("No notification backends configured for health check")
         return backends
 
+    @property
+    def log_level(self) -> str:
+        return self.config.get('notifications', {}).get('log_level', 'WARNING')
+
+    @property
+    def send_all_logs(self) -> bool:
+        return self.config.get('notifications', {}).get('send_all_logs', True)
+
 
 
     @property

main.py

@@ -9,6 +9,37 @@ from flask import Flask, jsonify
 from config import Config
 from typing import List, Tuple
 
+# Configure logging with custom handler
+class NtfyLogHandler(logging.Handler):
+    """Custom logging handler that sends logs to ntfy health backends"""
+
+    def __init__(self, config_obj):
+        super().__init__()
+        self.config = config_obj
+
+    def emit(self, record):
+        """Send log record to health backends"""
+        if hasattr(self.config, 'ntfy_backends_health') and self.config.send_all_logs:
+            try:
+                log_message = self.format(record)
+                # Get configured log level or default to WARNING
+                min_level = getattr(logging, self.config.log_level.upper(), logging.WARNING)
+
+                if record.levelno >= min_level:
+                    # Format message with appropriate emoji based on log level
+                    emoji = "🚨" if record.levelno >= logging.ERROR else "⚠️" if record.levelno >= logging.WARNING else "ℹ️"
+                    title = f"Emergency Access {record.levelname}"
+                    message = f"{emoji} {record.name}: {record.getMessage()}"
+
+                    send_ntfy_notification(
+                        self.config.ntfy_backends_health,
+                        message,
+                        title
+                    )
+            except Exception:
+                # Don't fail the application if logging notification fails
+                pass
+
 # Configure logging
 logging.basicConfig(
     level=logging.INFO,
@@ -238,6 +269,14 @@ if __name__ == '__main__':
         config = Config()
         logger.info("Configuration loaded successfully")
 
+        # Add ntfy log handler after config is loaded
+        if config.send_all_logs:
+            ntfy_handler = NtfyLogHandler(config)
+            min_level = getattr(logging, config.log_level.upper(), logging.WARNING)
+            ntfy_handler.setLevel(min_level)
+            # Add to root logger to catch all application logs
+            logging.getLogger().addHandler(ntfy_handler)
+
         # Validate system setup
         if not validate_setup():
             logger.error("System validation failed, exiting")