Improve Collector to run as a system process or docker process not SSH #2

New issue

Closed

opened 2025-12-02 08:12:08 -06:00 by sluberskihomelab · 0 comments

sluberskihomelab commented

2025-12-02 08:12:08 -06:00

Owner

Improvement

Currently, the collector runs on the server and connects to the server with SSH. This is not an ideal connection method for various reasons. I will be improving the collector to run on the endpoint and connect to the API in order to report information.

Details

Collector will be branched off from the project to byespy-collector and run as a separate entity and repository. This collector will report the same information from the logs, and be it's own thing.

This will allow the collector to be run on the host machine and will connect to the byespy dashboard via API, which is more secure, and poses less overhead.

Configuration

There will be 2 types of configuration for the collector

System Process (Preferred)

The system process will run as a process. It will be a script within the new byespy-collector directory/repository, the script run command will be generated by the system and listed as an onboarding process within the byespy dashboard. I will put in configuration for Debian, RHL, and Arch based distributions for now.

Docker

The Docker process will be a docker run command that is generated within the byespy dashboard as an easier way to pull the information from the fail2ban logs. the /var/logs directory will be mounted in the container as a volume, so not the most secure way of going about this, but potentially easier for an end user.

Potential Fail2Ban4Win log collector

I would also like to add a potential future collector for the Fail2Ban4Win program, although less used than Fail2Ban, still useful.

## Improvement Currently, the collector runs on the server and connects to the server with SSH. This is not an ideal connection method for various reasons. I will be improving the collector to run on the endpoint and connect to the API in order to report information. ## Details Collector will be branched off from the project to byespy-collector and run as a separate entity and repository. This collector will report the same information from the logs, and be it's own thing. This will allow the collector to be run on the host machine and will connect to the byespy dashboard via API, which is more secure, and poses less overhead. ## Configuration There will be 2 types of configuration for the collector ### System Process (Preferred) The system process will run as a process. It will be a script within the new byespy-collector directory/repository, the script run command will be generated by the system and listed as an onboarding process within the byespy dashboard. I will put in configuration for Debian, RHL, and Arch based distributions for now. ### Docker The Docker process will be a docker run command that is generated within the byespy dashboard as an easier way to pull the information from the fail2ban logs. the /var/logs directory will be mounted in the container as a volume, so not the most secure way of going about this, but potentially easier for an end user. ### Potential Fail2Ban4Win log collector I would also like to add a potential future collector for the Fail2Ban4Win program, although less used than Fail2Ban, still useful.

sluberskihomelab added the

Feature

Priority

Medium

labels

2025-12-02 08:12:08 -06:00

sluberskihomelab self-assigned this

2025-12-02 08:12:08 -06:00

sluberskihomelab added this to the ByeSpy Development project

2025-12-02 08:12:08 -06:00

sluberskihomelab added a new dependency

2025-12-02 08:19:50 -06:00