Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

L0rdRaiden

Members
  • Joined

  • Last visited

  1. it worked after a reboot....
  2. Probably one of the most useful plugins. The alert system is the best feature
  3. Attached unraid-diagnostics-20260531-1644.zip
  4. I am using 7.2.5 I have tried to update to 7.3.1 and any of the previous versions but + in this screen after I click on "confirm" the popups gets closed and nothing happens, there is no trace on the log either. Any idea what could be wrong? I have tried with 2 browsers, without add blockers...
  5. Another thing is more rules around security Auditd could be enable https://forums.unraid.net/topic/197621-plugin-logs-viewer-real-time-log-viewer-dashboard-widget-for-unraid/ To keep the plugin lightweight (since Unraid runs entirely in RAM) and seamlessly integrate it with the existing PHP/WebGUI architecture, here is the complete technical blueprint for adding Sigma support, auditd, state management, and auto-updating rules. 1. Architecture: The "Pre-Compiled" StrategyUnraid is based on Slackware, and installing Python just to run the sigma-cli converter natively is too heavy. The Solution: Use GitHub Actions in your repository to run a daily workflow that pulls the latest SigmaHQ rules, converts them to standard PCRE Regular Expressions (using sigma-cli targeting grep/php), and outputs a sigma_rules_compiled.json file. Your Unraid plugin will simply download this JSON file. It keeps the plugin incredibly fast and completely dependency-free. 2. Enabling auditd in UnraidUnraid's kernel usually supports auditing (CONFIG_AUDIT=y), but the userland tools are not installed by default. You need to pull the Slackware audit package during the plugin installation. In your .plg file, add the installation steps: <!-- Download and install the Slackware audit package --> <FILE Name="/boot/config/plugins/unraid-logsviewer/packages/audit-x86_64.txz" Run="upgradepkg --install-new"> <URL>https://slackware.uk/slackware/slackware64-15.0/slackware64/a/audit-3.0.1-x86_64-2.txz</URL> </FILE> <!-- Start auditd and load rules on boot --> <FILE Run="/bin/bash"> <INLINE> # Basic audit rules for Unraid (tracking executions, root actions) cat &lt;&lt; 'EOF' &gt; /etc/audit/audit.rules -D -b 8192 -w /etc/passwd -p wa -k identity -w /etc/shadow -p wa -k identity -a always,exit -F arch=b64 -S execve -F euid=0 -k root_action EOF # Start the daemon /sbin/auditd /sbin/auditctl -R /etc/audit/audit.rules echo "Auditd enabled and rules loaded." </INLINE> </FILE> Note: This will output logs to /var/log/audit/audit.log, which you can add as a new source in your logsviewer. 3. State Management: Preventing Duplicate ScansTo avoid scanning logs you have already scanned (crucial for both scheduled and on-demand scans), you must implement a File Cursor / Bookmark system tracking the inode and byte_offset. Create a PHP helper (cursor_manager.php) in your plugin: <?php $CURSOR_FILE = '/tmp/logsviewer_sigma_cursors.json'; function get_cursor($filepath) { global $CURSOR_FILE; if (!file_exists($CURSOR_FILE)) return ['inode' => 0, 'offset' => 0]; $cursors = json_decode(file_get_contents($CURSOR_FILE), true); $current_inode = fileinode($filepath); // If log was rotated, inode changes, reset offset to 0 if (isset($cursors[$filepath]) && $cursors[$filepath]['inode'] === $current_inode) { return $cursors[$filepath]; } return ['inode' => $current_inode, 'offset' => 0]; } function save_cursor($filepath, $inode, $offset) { global $CURSOR_FILE; $cursors = file_exists($CURSOR_FILE) ? json_decode(file_get_contents($CURSOR_FILE), true) : []; $cursors[$filepath] =['inode' => $inode, 'offset' => $offset]; file_put_contents($CURSOR_FILE, json_encode($cursors)); } ?> Note: This will output logs to /var/log/audit/audit.log, which you can add as a new source in your logsviewer. 3. State Management: Preventing Duplicate ScansTo avoid scanning logs you have already scanned (crucial for both scheduled and on-demand scans), you must implement a File Cursor / Bookmark system tracking the inode and byte_offset. Create a PHP helper (cursor_manager.php) in your plugin: <?php $CURSOR_FILE = '/tmp/logsviewer_sigma_cursors.json'; function get_cursor($filepath) { global $CURSOR_FILE; if (!file_exists($CURSOR_FILE)) return ['inode' => 0, 'offset' => 0]; $cursors = json_decode(file_get_contents($CURSOR_FILE), true); $current_inode = fileinode($filepath); // If log was rotated, inode changes, reset offset to 0 if (isset($cursors[$filepath]) && $cursors[$filepath]['inode'] === $current_inode) { return $cursors[$filepath]; } return ['inode' => $current_inode, 'offset' => 0]; } function save_cursor($filepath, $inode, $offset) { global $CURSOR_FILE; $cursors = file_exists($CURSOR_FILE) ? json_decode(file_get_contents($CURSOR_FILE), true) : []; $cursors[$filepath] =['inode' => $inode, 'offset' => $offset]; file_put_contents($CURSOR_FILE, json_encode($cursors)); } ?> 4. The Scanning Engine (On-Demand & Scheduled)Since unraid-logsviewer already runs a cron job [1], you can inject this logic into the existing scanner, or expose it via an API endpoint for on-demand scanning. Here is the core PHP logic to scan only new lines: <?php require_once 'cursor_manager.php'; // 1. Load compiled Sigma rules $sigma_rules = json_decode(file_get_contents('/boot/config/plugins/unraid-logsviewer/sigma_rules_compiled.json'), true); $log_files =['/var/log/syslog', '/var/log/dmesg', '/var/log/audit/audit.log']; foreach ($log_files as $file) { if (!file_exists($file)) continue; $cursor = get_cursor($file); $handle = fopen($file, 'r'); // Seek to the last read position instantly fseek($handle, $cursor['offset']); while (($line = fgets($handle)) !== false) { // Fast matching foreach ($sigma_rules as $rule) { if (preg_match($rule['regex'], $line)) { // Trigger Unraid Notification $command = escapeshellcmd("/usr/local/emhttp/webGui/scripts/notify"); $args = "-e 'Sigma Alert' -s '{$rule['title']}' -d '{$line}' -i 'alert'"; exec("$command $args"); // Save to local alert history SQLite/JSON log_alert($rule['title'], $line, $rule['severity']); } } } // Save new cursor position save_cursor($file, fileinode($file), ftell($handle)); fclose($handle); } ?> To trigger an On-Demand scan, simply tie an AJAX POST request from the LogsViewer UI to this PHP script. Because of fseek, it will instantly process only the lines written since the last cron run, making it lightning fast. 5. Auto-Update FeatureTo keep the rules up-to-date automatically, add a lightweight script (update_sigma.php) that runs daily via Unraid's /etc/cron.daily/: <?php $remote_url = "https://raw.githubusercontent.com/Lazaros-Chalkidis/unraid-logsviewer/main/sigma_rules_compiled.json"; $local_file = "/boot/config/plugins/unraid-logsviewer/sigma_rules_compiled.json"; $remote_content = file_get_contents($remote_url); if ($remote_content) { $remote_hash = md5($remote_content); $local_hash = file_exists($local_file) ? md5_file($local_file) : ''; if ($remote_hash !== $local_hash) { file_put_contents($local_file, $remote_content); // Optional: Send Unraid notification that rules were updated exec("/usr/local/emhttp/webGui/scripts/notify -e 'Logs Viewer' -s 'Sigma Rules Updated' -d 'New threat definitions downloaded' -i 'normal'"); } } ?> 6. Extra Features to Make it Stand OutMITRE ATT&CK Badges in UI: Modify the Alerts tab in unraid-logsviewer to parse the tags array from the Sigma rules. Display visual badges (like T1078 - Valid Accounts or Initial Access) next to the alert in the dashboard. Severity Mapping to Unraid's Notify: Map Sigma rule severities directly to Unraid's notification levels. Sigma low/medium -> Unraid -i 'normal' Sigma high -> Unraid -i 'warning' Sigma critical -> Unraid -i 'alert' Regex Timeout Guard (ReDoS Protection): Since unraid-logsviewer already limits backtracking limits (pcre.backtrack_limit) to prevent ReDoS (Regular Expression Denial of Service) [1], make sure you apply this same restriction via ini_set('pcre.backtrack_limit', 100000); before looping the Sigma regexes. Whitelisting/Exclusions: Allow users to suppress specific Sigma alerts directly from the WebGUI (e.g., clicking a "Mute Rule" button on the Alerts tab). This saves an array of muted Rule IDs to a whitelist.json file, and your PHP loop will simply continue; if the matched rule ID is in that list.
  6. First of all, excellent plugin, thanks On the other hand, can you make it so it can cover all the space? by taking all the space available maybe you can get some ideas from dozzle like having the left panel to navigate ,
  7. via MCP is possible to limit changes on unraid? like an MCP setting that only allow to consume data but not to change or modify anything in unraid, like a read only mode where any MCP skill that changes anything in unraid is blocked by the plugin
  8. Could all this be packaged in a plugin for unRAID?
  9. It would be nice support for global ENV file with custom path
  10. I need this to support Falco FalcoDeploy as a containerLearn how to run and manage Falco as a container Please add it. Unraid security options are extremely limited
  11. Can you add options to configure the statup order of the stacks and delays between them? How is the migration from the old docker compose manager? Do i have to unistall it first? What about auto updates? Any plan for this?
  12. So when I pressed "y" at the end, the program just exit, leaving the cmd again. The same happened to you? how long did you wait to reboot?
  13. It's still working fine, did it solve the issue?
  14. If I uninstall the plugin it will revert to default everything? It applies settings on boot right?
  15. Are this definitions right "Balanced Performance" - Set all CPUs frequency scaling to balanced_performance. Balances performance and power usage, with a slight bias toward efficiency. "Balanced Power" - Set all CPUs frequency scaling to balanced_power. Balances power and performance, but with a slight performance bias. It's confusing

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.