#!/bin/bash
# Real-time Log Monitor for QBPOS Help Website
# Shows recent attacks, blocked IPs, and suspicious activity

echo "=== QBPOS Help Website Security Monitor ==="
echo "Date: $(date)"
echo ""

# Show fail2ban status
echo "--- Fail2ban Status ---"
sudo fail2ban-client status nginx-badbots 2>/dev/null | grep "Total banned" || echo "No bans yet"
sudo fail2ban-client status nginx-noproxy 2>/dev/null | grep "Total banned" || echo "No proxy attacks"
echo ""

# Show recent blocked IPs
echo "--- Recently Blocked IPs (last 24h) ---"
sudo grep "Ban" /var/log/fail2ban.log 2>/dev/null | tail -10 || echo "No recent bans"
echo ""

# Show suspicious access attempts
echo "--- Suspicious Access Attempts (last 100) ---"
tail -100 /var/log/nginx/qbpos-access.log | grep -E "\.\.\/|\.php|\.asp|admin|wp-|sqlmap" | tail -5 || echo "No suspicious activity"
echo ""

# Show recent 404 errors
echo "--- Recent 404 Errors ---"
tail -100 /var/log/nginx/qbpos-access.log | grep " 404 " | tail -5 || echo "No 404 errors"
echo ""

# Show error log
echo "--- Recent Errors ---"
tail -10 /var/log/nginx/qbpos-error.log 2>/dev/null || echo "No recent errors"