LogVault is a centralized log management and monitoring system that simplifies log collection, monitoring, archiving, and reporting across multiple Linux servers. It provides a web-based dashboard to visualize security and login events, making it easy to detect suspicious activity.
```
┌─────────────┐        ┌─────────────┐
│    web01    │        │    web02    │
│ (CentOS VM) │  ...   │ (Ubuntu VM) │
└──────┬──────┘        └──────┬──────┘
       │       SSH/Logs       │
       ▼                      ▼
     ┌──────────────────────────┐
     │        logserver         │
     │ (Central Aggregator VM)  │
     │ - collect_logs.sh        │
     │ - monitor.sh             │
     │ - backup.sh              │
     │ - generate_report.sh     │
     └────────────┬─────────────┘
                  │
                  ▼
         ┌─────────────────┐
         │ Apache Webserver│
         │ /var/www/html   │
         └─────────────────┘
                  │
                  ▼
   🌐 Web Dashboard (dashboard.html)
```
- Centralized Log Collection – Secure SSH-based log retrieval from CentOS (`/var/log/secure`) and Ubuntu (`/var/log/auth.log`) servers.
- Monitoring & Alerts – Detects failed or successful SSH logins. Raises alerts if login thresholds are exceeded.
- Backup & Archiving – Daily logs are versioned and compressed into `.tar.gz` archives with Git history tracking.
- Automated Scheduling – Fully automated with cron jobs for collection, monitoring, backup, and report generation.
- Web Dashboard – An interactive `dashboard.html` generated with Bash, hosted via Apache.
- Cross-Distribution Support – Works seamlessly with both Ubuntu and CentOS/RHEL environments.
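
One way to implement the threshold check described under Monitoring & Alerts. This is an added example, not LogVault's own `monitor.sh`; the threshold of 3, the function names and the sample log lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: threshold alerting over sshd auth logs (not LogVault's monitor.sh).
set -u

THRESHOLD=3   # assumed value; the README does not state LogVault's threshold

# Constructed sample lines in the format sshd writes to /var/log/secure (CentOS)
# and /var/log/auth.log (Ubuntu). Addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
Mar  4 01:10:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 01:10:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  4 01:10:05 web01 sshd[2103]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.7 port 40124 ssh2
Mar  4 01:11:40 web02 sshd[988]: Failed password for vagrant from 198.51.100.23 port 51514 ssh2
Mar  4 01:12:02 web02 sshd[991]: Accepted password for vagrant from 192.0.2.10 port 51600 ssh2
EOF
}

# Print "<count> <ip>" for every source address with failed password attempts.
# The user name is supplied by the client and may contain spaces or the word
# "from", so the address is read relative to the END of the line
# ("... from <ip> port <n> ssh2") rather than after the first "from".
count_failed_by_ip() {
  awk '/sshd[^ ]*\[[0-9]+\]: Failed password for / &&
       $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
       END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# Print one ALERT line per address whose count is at or above the threshold ($1).
alerts() {
  count_failed_by_ip | awk -v t="$1" '$1 >= t { print "ALERT", $2, "failed=" $1 }'
}

sample_log | alerts "$THRESHOLD"
```

On a log server the same functions can read the collected files instead of the sample, for example `cat logs/* | alerts 5`, where the path depends on where `collect_logs.sh` stores its output.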
- 1 central log aggregator VM → `logserver` (with Apache or httpd installed).
- Multiple app VMs → `web01`, `web02`, `web03` (Ubuntu or CentOS).
```bash
vim /etc/hosts   # Add entries for web01, web02, web03 with their corresponding private IPs
ping -c 4 web01
ping -c 4 web02
ping -c 4 web03
```

```bash
ssh-keygen -t ed25519
ssh-copy-id vagrant@web01
ssh-copy-id vagrant@web02
ssh-copy-id vagrant@web03
```
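Create the project structure and scripts, then set permissions:

```bash
mkdir -p ~/logvault/scripts ~/logvault/logs
cd ~/logvault/scripts   # the four scripts are created here
chmod 744 collect_logs.sh monitor.sh backup.sh generate_report.sh
cd ~/logvault           # the commands below are run from the project root
```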
```bash
./scripts/collect_logs.sh      # Collect logs
./scripts/monitor.sh           # Monitor logs
./scripts/backup.sh            # Backup logs
./scripts/generate_report.sh   # Generate dashboard
```
```bash
git init
git status
git add .
git status
git commit -m "Initial commit - setup LogVault"
```

```bash
yum install -y httpd
systemctl start httpd
systemctl enable httpd
systemctl stop firewalld   # firewall disabled for testing
ip addr | grep inet        # get server IP to access dashboard
```
http://<logserver-ip>/dashboard.html
```bash
crontab -e
```

```
0 1 * * * /root/logvault/scripts/collect_logs.sh # Collect logs daily at 1 AM
0 2 * * * /root/logvault/scripts/monitor.sh # Monitor logs daily at 2 AM
0 3 * * * /root/logvault/scripts/backup.sh # Backup logs daily at 3 AM
15 3 * * * /root/logvault/scripts/generate_report.sh # Generate dashboard at 3:15 AM
```
```
logvault/
├── scripts/
│   ├── collect_logs.sh
│   ├── monitor.sh
│   ├── backup.sh
│   └── generate_report.sh
├── backups/   # Compressed & versioned log backups (.tar.gz)
```
Once reports are generated, the web dashboard (e.g., dashboard.html) will display:
- Failed SSH login attempts
- Successful SSH logins
- Alerts for anomalies
- Historical log trends
- Use SSH key authentication instead of passwords.
- Limit logserver access to trusted administrators.
- Ensure Apache is configured with best practices (firewall, SELinux/AppArmor, TLS if public-facing).
📌 LogVault — Centralized Log Management | Built with Linux, Bash, Git, Apache