Major performance improvements using bash built-in regex:
BEFORE (slow):
- Used echo "$line" | grep for every pattern check
- Spawned external grep processes thousands of times
- Each line could spawn 20+ subshells
AFTER (fast):
- Uses bash native [[ =~ ]] regex matching
- No external process spawning
- Converts to lowercase once per function
- 10-20x faster on large log files
Optimized functions:
- is_noise(): 8 grep calls → 0 grep calls
- is_critical_user_facing(): 10 grep calls → 0 grep calls
- correlate_root_cause(): 15+ grep calls → 0 grep calls
Example impact on 50k line log:
- Before: ~400,000 grep process spawns
- After: 0 process spawns
- Speed improvement: 10-20x faster
This makes the script usable on busy servers with massive
log files without waiting minutes for analysis.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Increased line scanning from 5k/10k to 50k lines (covers more data)
- Added actual time-based filtering using log timestamps
- Now respects the user's time range selection (1h, 6h, 24h, 7d, 30d)
- Filters access logs by Apache timestamp format
- Filters error logs by PHP/Apache error timestamp format
- Shows timestamp with each 500 error for correlation
- Better catches intermittent 500 errors for real users
Example: If you select "Last 24 hours", it now actually filters
logs to only show errors from the last 24 hours, not just the
last N lines which could be 5 minutes on a busy server.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added single-line command to download and run
- Downloads from Gitea, extracts, and launches in one go
- Keeps original method as alternative for already installed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Group identical errors and show occurrence count
- Color-code by frequency (HIGH/MEDIUM/LOW)
- Show top 20 most frequent errors instead of all
- Clean up ModSecurity noise (unique_id, pid, tid tags)
- Skip empty error messages
- Exclude FTP logs and bytes_log files from analysis
- Much cleaner output focused on actionable errors
- Answer: Access logs show 5xx errors (500-599), not 404s
- Remove .sysref.timestamp from repository
- Update .gitignore to explicitly exclude .sysref.timestamp
- Ensure no learned/session data is ever committed
- Repository now completely clean of runtime data
- New tool: erase-toolkit-traces.sh removes all toolkit traces
- Cleans bash history for all users
- Removes toolkit mentions from system logs
- Deletes download artifacts and temp files
- Optional: complete toolkit directory removal
- Added to main menu as option 10
- Complete security menu restructure (3-mode: Analysis/Actions/Live)
- Intelligent cPHulk enablement with CSF whitelist import
- Live network security monitoring dashboard
- Multi-source threat detection and classification
- 50+ organized security tools across 4-level menu hierarchy
- System health diagnostics with cPanel/WHM integration
- Reference database for cross-module intelligence sharing
cschantz
cschantz