feat: logs query flags, json_helper module split, handshake logging
- wgctl logs --since: relative (2h/7d) and EU/ISO date formats - wgctl logs --service: filter by service name, IP, or IP:port - wgctl logs --event: filter wg events by type - wgctl logs: no header when no logs found - core/lib/util.py: shared utilities, parse_since, reverse_lookup - core/lib/events.py: fw_events, wg_events with query params - core/lib/peers.py: peer_data, peer_transfer - core/lib/activity.py: activity_aggregate - wgctl-monitor.py: handshake session poller thread with cache
This commit is contained in:
parent
1308f9e07a
commit
3378ec3e5e
3 changed files with 120 additions and 3129 deletions
|
|
@ -18,6 +18,8 @@ function cmd::logs::on_load() {
|
|||
flag::register --days
|
||||
flag::register --raw
|
||||
flag::register --detailed
|
||||
flag::register --service
|
||||
flag::register --event
|
||||
}
|
||||
|
||||
function cmd::logs::help() {
|
||||
|
|
@ -32,14 +34,19 @@ Subcommands:
|
|||
rotate Remove entries older than N days
|
||||
|
||||
Options for show:
|
||||
--name <name> Filter by client name
|
||||
--type <type> Filter by device type
|
||||
--limit <n> Max results per source (default: 50)
|
||||
--fw Show only firewall drops
|
||||
--wg Show only WireGuard events
|
||||
--merged Show all events chronologically interleaved
|
||||
--follow, -f Follow logs in real time (alias: wgctl watch)
|
||||
--raw Show raw IPs without service annotation
|
||||
--name <name> Filter by client name
|
||||
--type <type> Filter by device type
|
||||
--limit <n> Max results per source (default: 50)
|
||||
--since <time> Show events since: 2h, 7d, 23/05, 23/05/2026, 2026-05-23
|
||||
--service <svc> Filter by service name, IP, or IP:port
|
||||
e.g. pihole, proxmox:web-ui, 10.0.0.100, 10.0.0.100:8006
|
||||
--event <type> Filter wg events: attempt | handshake
|
||||
--fw Show only firewall drops
|
||||
--wg Show only WireGuard events
|
||||
--merged Show all events chronologically interleaved
|
||||
--detailed Show all deduplicated events (bypass hourly collapse)
|
||||
--follow, -f Follow logs in real time
|
||||
--raw Show raw IPs without service annotation
|
||||
|
||||
Options for remove:
|
||||
--name <name> Remove entries for specific peer
|
||||
|
|
@ -55,8 +62,15 @@ Options for rotate:
|
|||
|
||||
Examples:
|
||||
wgctl logs
|
||||
wgctl logs --name phone-nuno
|
||||
wgctl logs --fw --limit 100
|
||||
wgctl logs --since 2h
|
||||
wgctl logs --since 23/05
|
||||
wgctl logs --name phone-nuno --since 7d
|
||||
wgctl logs --fw --service pihole
|
||||
wgctl logs --fw --service proxmox:web-ui
|
||||
wgctl logs --fw --service 10.0.0.100
|
||||
wgctl logs --wg --event attempt
|
||||
wgctl logs --wg --event handshake --since 24h
|
||||
wgctl logs --detailed
|
||||
wgctl logs --merged
|
||||
wgctl logs --follow
|
||||
wgctl logs remove --name phone-nuno
|
||||
|
|
@ -86,22 +100,26 @@ function cmd::logs::run() {
|
|||
}
|
||||
|
||||
function cmd::logs::show() {
|
||||
local name="" type="" limit=50
|
||||
local fw_only=false wg_only=false follow=false merged=false raw=false detailed=false
|
||||
|
||||
local name="" type="" limit=50 since=""
|
||||
local fw_only=false wg_only=false follow=false merged=false
|
||||
local raw=false detailed=false
|
||||
local filter_service="" filter_event=""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--name) name="$2"; shift 2 ;;
|
||||
--type) type="$2"; shift 2 ;;
|
||||
--limit) limit="$2"; shift 2 ;;
|
||||
--fw) fw_only=true; shift ;;
|
||||
--wg) wg_only=true; shift ;;
|
||||
--merged) merged=true; shift ;;
|
||||
--follow|-f) follow=true; shift ;;
|
||||
--raw) raw=true; shift ;;
|
||||
--detailed) detailed=true shift ;;
|
||||
--help) cmd::logs::help; return ;;
|
||||
--name) name="$2"; shift 2 ;;
|
||||
--type) type="$2"; shift 2 ;;
|
||||
--limit) limit="$2"; shift 2 ;;
|
||||
--since) since="$2"; shift 2 ;;
|
||||
--service) filter_service="$2"; shift 2 ;;
|
||||
--event) filter_event="$2"; shift 2 ;;
|
||||
--fw) fw_only=true; shift ;;
|
||||
--wg) wg_only=true; shift ;;
|
||||
--merged) merged=true; shift ;;
|
||||
--follow|-f) follow=true; shift ;;
|
||||
--raw) raw=true; shift ;;
|
||||
--detailed) detailed=true; shift ;;
|
||||
--help) cmd::logs::help; return ;;
|
||||
*)
|
||||
log::error "Unknown flag: $1"
|
||||
return 1
|
||||
|
|
@ -112,7 +130,6 @@ function cmd::logs::show() {
|
|||
local collapse=1
|
||||
$detailed && collapse=0
|
||||
|
||||
|
||||
if [[ -n "$name" && -n "$type" ]]; then
|
||||
name=$(peers::resolve_and_require "$name" "$type") || return 1
|
||||
fi
|
||||
|
|
@ -131,27 +148,71 @@ function cmd::logs::show() {
|
|||
local net_file=""
|
||||
$raw || net_file="$(ctx::net)"
|
||||
|
||||
log::section "WireGuard Activity Log"
|
||||
printf "\n"
|
||||
# Parse --service into dest_ip and dest_port
|
||||
local filter_dest_ip="" filter_dest_port=""
|
||||
if [[ -n "$filter_service" ]]; then
|
||||
if [[ "$filter_service" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$ ]]; then
|
||||
filter_dest_ip="${filter_service%%:*}"
|
||||
local maybe_port="${filter_service##*:}"
|
||||
[[ "$maybe_port" != "$filter_dest_ip" ]] && filter_dest_port="$maybe_port"
|
||||
else
|
||||
local svc_resolved
|
||||
svc_resolved=$(net::resolve "$filter_service" 2>/dev/null | head -1)
|
||||
if [[ -n "$svc_resolved" ]]; then
|
||||
filter_dest_ip="${svc_resolved%%:*}"
|
||||
local rest="${svc_resolved#*:}"
|
||||
[[ "$rest" != "$filter_dest_ip" ]] && filter_dest_port="${rest%%:*}"
|
||||
else
|
||||
log::error "Service not found: ${filter_service}"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if $merged; then
|
||||
cmd::logs::show_merged "$filter_ip" "$name" "$type" "$limit" "$net_file"
|
||||
log::section "WireGuard Activity Log"
|
||||
printf "\n"
|
||||
cmd::logs::show_merged "$filter_ip" "$name" "$type" "$limit" "$net_file" "$since"
|
||||
return
|
||||
fi
|
||||
|
||||
$wg_only || cmd::logs::show_fw_events "$filter_ip" "$name" "$type" "$limit" "$net_file" "$collapse"
|
||||
$fw_only || cmd::logs::show_wg_events "$filter_ip" "$name" "$type" "$limit" "$collapse"
|
||||
# Collect output — only show header if there's data
|
||||
local fw_output="" wg_output=""
|
||||
|
||||
$wg_only || fw_output=$(cmd::logs::show_fw_events \
|
||||
"$filter_ip" "$name" "$type" "$limit" "$net_file" \
|
||||
"$collapse" "$since" "$filter_dest_ip" "$filter_dest_port")
|
||||
|
||||
$fw_only || wg_output=$(cmd::logs::show_wg_events \
|
||||
"$filter_ip" "$name" "$type" "$limit" \
|
||||
"$collapse" "$since" "$filter_event")
|
||||
|
||||
if [[ -z "${fw_output// /}" && -z "${wg_output// /}" ]]; then
|
||||
log::wg_warning "No logs found"
|
||||
return 0
|
||||
fi
|
||||
|
||||
log::section "WireGuard Activity Log"
|
||||
printf "\n"
|
||||
|
||||
if [[ -n "$fw_output" ]]; then printf "%s\n" "$fw_output"; fi;
|
||||
if [[ -n "$wg_output" ]]; then printf "%s\n" "$wg_output"; fi;
|
||||
}
|
||||
|
||||
function cmd::logs::show_fw_events() {
|
||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
||||
limit="${4:-50}" net_file="${5:-}" collapse="${6:-1}"
|
||||
limit="${4:-50}" net_file="${5:-}" collapse="${6:-1}" \
|
||||
since="${7:-}" filter_dest_ip="${8:-}" filter_dest_port="${9:-}"
|
||||
|
||||
[[ ! -f "$FW_EVENTS_LOG" ]] && return 0
|
||||
|
||||
local data
|
||||
data=$(json::fw_events "$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
||||
"$(ctx::clients)" "${net_file:-}" "$limit" "$collapse" 2>/dev/null)
|
||||
data=$(json::fw_events \
|
||||
"$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
||||
"$(ctx::clients)" "${net_file:-}" \
|
||||
"$limit" "$collapse" "$since" \
|
||||
"$filter_dest_ip" "$filter_dest_port" \
|
||||
2>/dev/null)
|
||||
|
||||
[[ -z "$data" ]] && return 0
|
||||
|
||||
|
|
@ -160,8 +221,7 @@ function cmd::logs::show_fw_events() {
|
|||
while IFS='|' read -r ts client dest_ip dest_port proto svc count; do
|
||||
[[ -z "$ts" ]] && continue
|
||||
(( ${#client} > w_client )) && w_client=${#client}
|
||||
local dest_display
|
||||
local host_name
|
||||
local dest_display host_name
|
||||
host_name=$(hosts::resolve_ip "$dest_ip")
|
||||
if [[ -n "$host_name" ]]; then
|
||||
dest_display="$host_name"
|
||||
|
|
@ -186,12 +246,16 @@ function cmd::logs::show_fw_events() {
|
|||
|
||||
function cmd::logs::show_wg_events() {
|
||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
||||
limit="${4:-50}" collapse="${5:-1}"
|
||||
limit="${4:-50}" collapse="${5:-1}" \
|
||||
since="${6:-}" filter_event="${7:-}"
|
||||
|
||||
[[ ! -f "$WG_EVENTS_LOG" ]] && return 0
|
||||
|
||||
local data
|
||||
data=$(json::wg_events "$WG_EVENTS_LOG" "$filter_name" "$filter_type" "$limit" "$collapse" 2>/dev/null)
|
||||
data=$(json::wg_events \
|
||||
"$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
||||
"$limit" "$collapse" "$since" "$filter_event" \
|
||||
2>/dev/null)
|
||||
|
||||
[[ -z "$data" ]] && return 0
|
||||
|
||||
|
|
@ -219,18 +283,21 @@ function cmd::logs::show_wg_events() {
|
|||
printf "\n"
|
||||
}
|
||||
|
||||
|
||||
function cmd::logs::show_merged() {
|
||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
||||
limit="${4:-50}" net_file="${5:-}"
|
||||
limit="${4:-50}" net_file="${5:-}" since="${6:-}"
|
||||
|
||||
local fw_data wg_data
|
||||
fw_data=$(json::fw_events "$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
||||
"$(ctx::clients)" "${net_file:-}" "$limit" 2>/dev/null)
|
||||
wg_data=$(json::wg_events "$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
||||
"$limit" 2>/dev/null)
|
||||
fw_data=$(json::fw_events \
|
||||
"$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
||||
"$(ctx::clients)" "${net_file:-}" \
|
||||
"$limit" "1" "$since" "" "" \
|
||||
2>/dev/null)
|
||||
wg_data=$(json::wg_events \
|
||||
"$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
||||
"$limit" "1" "$since" "" \
|
||||
2>/dev/null)
|
||||
|
||||
# Measure widths across both sources
|
||||
local w_client=16 w_dest=20
|
||||
while IFS='|' read -r ts client rest; do
|
||||
[[ -z "$ts" ]] && continue
|
||||
|
|
@ -238,7 +305,6 @@ function cmd::logs::show_merged() {
|
|||
done < <(echo "$fw_data"; echo "$wg_data")
|
||||
(( w_client += 2 ))
|
||||
|
||||
# Tag and merge: prefix fw lines with "fw|", wg lines with "wg|"
|
||||
local merged_data
|
||||
merged_data=$(
|
||||
while IFS='|' read -r ts client dest_ip dest_port proto svc count; do
|
||||
|
|
@ -251,7 +317,6 @@ function cmd::logs::show_merged() {
|
|||
done <<< "$wg_data"
|
||||
)
|
||||
|
||||
# Sort by timestamp field 2
|
||||
while IFS='|' read -r source ts rest; do
|
||||
[[ -z "$source" ]] && continue
|
||||
case "$source" in
|
||||
|
|
@ -296,7 +361,6 @@ function cmd::logs::follow() {
|
|||
log::section "WireGuard Live Log (Ctrl+C to stop)"
|
||||
printf "\n"
|
||||
|
||||
# Delegate to watch command
|
||||
local watch_args=()
|
||||
[[ -n "$filter_name" ]] && watch_args+=(--name "$filter_name")
|
||||
[[ -n "$filter_type" ]] && watch_args+=(--type "$filter_type")
|
||||
|
|
@ -378,9 +442,9 @@ function cmd::logs::rotate() {
|
|||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--days) days="$2"; shift 2 ;;
|
||||
--force) force=true; shift ;;
|
||||
--help) cmd::logs::help; return ;;
|
||||
--days) days="$2"; shift 2 ;;
|
||||
--force) force=true; shift ;;
|
||||
--help) cmd::logs::help; return ;;
|
||||
*) log::error "Unknown flag: $1"; return 1 ;;
|
||||
esac
|
||||
done
|
||||
|
|
|
|||
|
|
@ -187,8 +187,8 @@ function cmd::test::section_logs() {
|
|||
test::section "Logs"
|
||||
cmd::test::run_cmd "logs" "Activity" logs
|
||||
cmd::test::run_cmd "logs --name phone-nuno" "Activity" logs --name phone-nuno
|
||||
cmd::test::run_cmd "logs --fw" "Activity" logs --fw
|
||||
cmd::test::run_cmd "logs --wg" "Activity" logs --wg
|
||||
cmd::test::run_cmd "logs --fw" "Firewall Drops" logs --fw
|
||||
cmd::test::run_cmd "logs --wg" "WireGuard Events" logs --wg
|
||||
}
|
||||
|
||||
function cmd::test::section_fw() {
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
Loading…
Add table
Reference in a new issue