Clarify Live Monitoring menu - unified monitor vs simple log tailers

PROBLEM: Menu was confusing - showed 5 separate monitors when option 1
now includes everything

BEFORE:
1) Live Attack Monitor - Real-time threat feed (all sources)
2) SSH Attack Monitor - Live SSH brute force attempts
3) Web Traffic Monitor - Live HTTP/HTTPS requests
4) Firewall Activity Monitor - Live CSF/iptables events
5) cPHulk Live Monitor - Real-time brute force blocks
...
10) Multi-Source Dashboard - Combined view

AFTER:
🛡️  Intelligent Monitoring:
1) Live Attack Monitor - Unified threat intelligence
   ├─ Monitors: Web, SSH, Firewall, cPHulk, Network (SYN floods)
   ├─ Features: Threat scoring, bot detection, attack classification
   └─ Quick Actions: IP blocking, ban management

📋 Simple Log Viewers (No Intelligence):
2) SSH Log Tail - Raw SSH auth attempts
3) Web Traffic Tail - Raw Apache access logs
4) Firewall Log Tail - Raw firewall events

Log Tailing:
5) Tail Apache Access Log
6) Tail Apache Error Log
7) Tail Mail Log
8) Tail Security Log

Advanced:
9) Custom Log Monitor

CHANGES:
- Option 1 clearly shows it monitors ALL sources
- Options 2-4 clarified as "simple log tailers" without intelligence
- Removed redundant option 5 (cPHulk - now built into option 1)
- Removed redundant option 10 (Multi-Source - that's what option 1 is)
- Renumbered options 6-11 → 5-9

USER BENEFIT:
- Clear distinction: Smart monitoring vs raw logs
- No confusion about what option 1 actually does
- Menu accurately reflects new multi-source capability
cschantz
2025-11-14 15:19:52 -05:00
parent d8b722cbb4
commit c4840e425b
+22 -20
@@ -150,25 +150,29 @@ show_live_monitoring_menu() {
show_banner
echo -e "${MAGENTA}${BOLD}📡 Live Monitoring & Alerts${NC}"
echo ""
echo -e "${BOLD}Real-Time Dashboards:${NC}"
echo -e "${BOLD}🛡️ Intelligent Monitoring:${NC}"
echo ""
echo -e " ${MAGENTA}1)${NC} Live Attack Monitor - Real-time threat feed (all sources)"
echo -e " ${MAGENTA}2)${NC} SSH Attack Monitor - Live SSH brute force attempts"
echo -e " ${MAGENTA}3)${NC} Web Traffic Monitor - Live HTTP/HTTPS requests"
echo -e " ${MAGENTA}4)${NC} Firewall Activity Monitor - Live CSF/iptables events"
echo -e " ${MAGENTA}5)${NC} cPHulk Live Monitor - Real-time brute force blocks"
echo -e " ${MAGENTA}1)${NC} ${BOLD}Live Attack Monitor${NC} - Unified threat intelligence"
echo -e " ${DIM}├─ Monitors: Web, SSH, Firewall, cPHulk, Network (SYN floods)${NC}"
echo -e " ${DIM}├─ Features: Threat scoring, bot detection, attack classification${NC}"
echo -e " ${DIM}└─ Quick Actions: IP blocking, ban management${NC}"
echo ""
echo -e "${BOLD}📋 Simple Log Viewers (No Intelligence):${NC}"
echo ""
echo -e " ${MAGENTA}2)${NC} SSH Log Tail - Raw SSH auth attempts (/var/log/secure)"
echo -e " ${MAGENTA}3)${NC} Web Traffic Tail - Raw Apache access logs"
echo -e " ${MAGENTA}4)${NC} Firewall Log Tail - Raw firewall events"
echo ""
echo -e "${BOLD}Log Tailing:${NC}"
echo ""
echo -e " ${MAGENTA}6)${NC} Tail Apache Access Log - Live web access (all domains)"
echo -e " ${MAGENTA}7)${NC} Tail Apache Error Log - Live web errors"
echo -e " ${MAGENTA}8)${NC} Tail Mail Log - Live email activity"
echo -e " ${MAGENTA}9)${NC} Tail Security Log - Live auth attempts (/var/log/secure)"
echo -e " ${MAGENTA}5)${NC} Tail Apache Access Log - Live web access (all domains)"
echo -e " ${MAGENTA}6)${NC} Tail Apache Error Log - Live web errors"
echo -e " ${MAGENTA}7)${NC} Tail Mail Log - Live email activity"
echo -e " ${MAGENTA}8)${NC} Tail Security Log - Live auth attempts (/var/log/secure)"
echo ""
echo -e "${BOLD}Advanced Monitoring:${NC}"
echo -e "${BOLD}Advanced:${NC}"
echo ""
echo -e " ${MAGENTA}10)${NC} Multi-Source Dashboard - Combined view (attacks + logs + metrics)"
echo -e " ${MAGENTA}11)${NC} Custom Log Monitor - Tail custom log file"
echo -e " ${MAGENTA}9)${NC} Custom Log Monitor - Tail custom log file"
echo ""
echo -e " ${RED}0)${NC} Back to Security Menu"
echo ""
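Review bot: The regrouped menu still lists overlapping entries: option 2 ("SSH Log Tail - Raw SSH auth attempts (/var/log/secure)") and option 8 ("Tail Security Log - Live auth attempts (/var/log/secure)") name the same file, and option 3 ("Web Traffic Tail - Raw Apache access logs") overlaps option 5 ("Tail Apache Access Log"). Since the stated goal is to remove redundant entries, either merge each pair or say in the label what differs between them (for example, whether option 2 filters to sshd lines only), so an operator triaging an incident does not have to guess which one to open.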
@@ -1017,13 +1021,11 @@ handle_live_monitoring_menu() {
2) run_module "security" "ssh-attack-monitor.sh" ;;
3) run_module "security" "web-traffic-monitor.sh" ;;
4) run_module "security" "firewall-activity-monitor.sh" ;;
5) run_module "security" "cphulk-live-monitor.sh" ;;
6) run_module "security" "tail-apache-access.sh" ;;
7) run_module "security" "tail-apache-error.sh" ;;
8) run_module "security" "tail-mail-log.sh" ;;
9) run_module "security" "tail-secure-log.sh" ;;
10) run_module "security" "multi-source-dashboard.sh" ;;
11)
5) run_module "security" "tail-apache-access.sh" ;;
6) run_module "security" "tail-apache-error.sh" ;;
7) run_module "security" "tail-mail-log.sh" ;;
8) run_module "security" "tail-secure-log.sh" ;;
9)
show_banner
echo -e "${BOLD}Custom Log Monitor${NC}"
read -p "Enter log file path: " logpath
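Review bot: The arms for 2), 3) and 4) are unchanged context in this hunk, so the entries the menu now labels "SSH Log Tail", "Web Traffic Tail" and "Firewall Log Tail" still launch ssh-attack-monitor.sh, web-traffic-monitor.sh and firewall-activity-monitor.sh. If those modules do more than tail a file, the "No Intelligence" label is inaccurate; if they really are plain tailers, consider renaming the scripts to match the new labels. The arms for cphulk-live-monitor.sh and multi-source-dashboard.sh are dropped here, so either delete those scripts in the same commit or note why they stay. Separately, in the 9) arm, read -p "Enter log file path: " logpath should use read -r so backslashes in the path are kept literally, and the path should be checked as a readable regular file before it is used.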