Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

L0rdRaiden

Members
  • Joined

  • Last visited

Everything posted by L0rdRaiden

  1. it worked after a reboot....
  2. Probably one of the most useful plugins. The alert system is the best feature
  3. Attached unraid-diagnostics-20260531-1644.zip
  4. I am using 7.2.5 I have tried to update to 7.3.1 and any of the previous versions but + in this screen after I click on "confirm" the popups gets closed and nothing happens, there is no trace on the log either. Any idea what could be wrong? I have tried with 2 browsers, without add blockers...
  5. Another thing is more rules around security Auditd could be enable https://forums.unraid.net/topic/197621-plugin-logs-viewer-real-time-log-viewer-dashboard-widget-for-unraid/ To keep the plugin lightweight (since Unraid runs entirely in RAM) and seamlessly integrate it with the existing PHP/WebGUI architecture, here is the complete technical blueprint for adding Sigma support, auditd, state management, and auto-updating rules. 1. Architecture: The "Pre-Compiled" StrategyUnraid is based on Slackware, and installing Python just to run the sigma-cli converter natively is too heavy. The Solution: Use GitHub Actions in your repository to run a daily workflow that pulls the latest SigmaHQ rules, converts them to standard PCRE Regular Expressions (using sigma-cli targeting grep/php), and outputs a sigma_rules_compiled.json file. Your Unraid plugin will simply download this JSON file. It keeps the plugin incredibly fast and completely dependency-free. 2. Enabling auditd in UnraidUnraid's kernel usually supports auditing (CONFIG_AUDIT=y), but the userland tools are not installed by default. You need to pull the Slackware audit package during the plugin installation. In your .plg file, add the installation steps: <!-- Download and install the Slackware audit package --> <FILE Name="/boot/config/plugins/unraid-logsviewer/packages/audit-x86_64.txz" Run="upgradepkg --install-new"> <URL>https://slackware.uk/slackware/slackware64-15.0/slackware64/a/audit-3.0.1-x86_64-2.txz</URL> </FILE> <!-- Start auditd and load rules on boot --> <FILE Run="/bin/bash"> <INLINE> # Basic audit rules for Unraid (tracking executions, root actions) cat &lt;&lt; 'EOF' &gt; /etc/audit/audit.rules -D -b 8192 -w /etc/passwd -p wa -k identity -w /etc/shadow -p wa -k identity -a always,exit -F arch=b64 -S execve -F euid=0 -k root_action EOF # Start the daemon /sbin/auditd /sbin/auditctl -R /etc/audit/audit.rules echo "Auditd enabled and rules loaded." </INLINE> </FILE> Note: This will output logs to /var/log/audit/audit.log, which you can add as a new source in your logsviewer. 3. State Management: Preventing Duplicate ScansTo avoid scanning logs you have already scanned (crucial for both scheduled and on-demand scans), you must implement a File Cursor / Bookmark system tracking the inode and byte_offset. Create a PHP helper (cursor_manager.php) in your plugin: <?php $CURSOR_FILE = '/tmp/logsviewer_sigma_cursors.json'; function get_cursor($filepath) { global $CURSOR_FILE; if (!file_exists($CURSOR_FILE)) return ['inode' => 0, 'offset' => 0]; $cursors = json_decode(file_get_contents($CURSOR_FILE), true); $current_inode = fileinode($filepath); // If log was rotated, inode changes, reset offset to 0 if (isset($cursors[$filepath]) && $cursors[$filepath]['inode'] === $current_inode) { return $cursors[$filepath]; } return ['inode' => $current_inode, 'offset' => 0]; } function save_cursor($filepath, $inode, $offset) { global $CURSOR_FILE; $cursors = file_exists($CURSOR_FILE) ? json_decode(file_get_contents($CURSOR_FILE), true) : []; $cursors[$filepath] =['inode' => $inode, 'offset' => $offset]; file_put_contents($CURSOR_FILE, json_encode($cursors)); } ?> Note: This will output logs to /var/log/audit/audit.log, which you can add as a new source in your logsviewer. 3. State Management: Preventing Duplicate ScansTo avoid scanning logs you have already scanned (crucial for both scheduled and on-demand scans), you must implement a File Cursor / Bookmark system tracking the inode and byte_offset. Create a PHP helper (cursor_manager.php) in your plugin: <?php $CURSOR_FILE = '/tmp/logsviewer_sigma_cursors.json'; function get_cursor($filepath) { global $CURSOR_FILE; if (!file_exists($CURSOR_FILE)) return ['inode' => 0, 'offset' => 0]; $cursors = json_decode(file_get_contents($CURSOR_FILE), true); $current_inode = fileinode($filepath); // If log was rotated, inode changes, reset offset to 0 if (isset($cursors[$filepath]) && $cursors[$filepath]['inode'] === $current_inode) { return $cursors[$filepath]; } return ['inode' => $current_inode, 'offset' => 0]; } function save_cursor($filepath, $inode, $offset) { global $CURSOR_FILE; $cursors = file_exists($CURSOR_FILE) ? json_decode(file_get_contents($CURSOR_FILE), true) : []; $cursors[$filepath] =['inode' => $inode, 'offset' => $offset]; file_put_contents($CURSOR_FILE, json_encode($cursors)); } ?> 4. The Scanning Engine (On-Demand & Scheduled)Since unraid-logsviewer already runs a cron job [1], you can inject this logic into the existing scanner, or expose it via an API endpoint for on-demand scanning. Here is the core PHP logic to scan only new lines: <?php require_once 'cursor_manager.php'; // 1. Load compiled Sigma rules $sigma_rules = json_decode(file_get_contents('/boot/config/plugins/unraid-logsviewer/sigma_rules_compiled.json'), true); $log_files =['/var/log/syslog', '/var/log/dmesg', '/var/log/audit/audit.log']; foreach ($log_files as $file) { if (!file_exists($file)) continue; $cursor = get_cursor($file); $handle = fopen($file, 'r'); // Seek to the last read position instantly fseek($handle, $cursor['offset']); while (($line = fgets($handle)) !== false) { // Fast matching foreach ($sigma_rules as $rule) { if (preg_match($rule['regex'], $line)) { // Trigger Unraid Notification $command = escapeshellcmd("/usr/local/emhttp/webGui/scripts/notify"); $args = "-e 'Sigma Alert' -s '{$rule['title']}' -d '{$line}' -i 'alert'"; exec("$command $args"); // Save to local alert history SQLite/JSON log_alert($rule['title'], $line, $rule['severity']); } } } // Save new cursor position save_cursor($file, fileinode($file), ftell($handle)); fclose($handle); } ?> To trigger an On-Demand scan, simply tie an AJAX POST request from the LogsViewer UI to this PHP script. Because of fseek, it will instantly process only the lines written since the last cron run, making it lightning fast. 5. Auto-Update FeatureTo keep the rules up-to-date automatically, add a lightweight script (update_sigma.php) that runs daily via Unraid's /etc/cron.daily/: <?php $remote_url = "https://raw.githubusercontent.com/Lazaros-Chalkidis/unraid-logsviewer/main/sigma_rules_compiled.json"; $local_file = "/boot/config/plugins/unraid-logsviewer/sigma_rules_compiled.json"; $remote_content = file_get_contents($remote_url); if ($remote_content) { $remote_hash = md5($remote_content); $local_hash = file_exists($local_file) ? md5_file($local_file) : ''; if ($remote_hash !== $local_hash) { file_put_contents($local_file, $remote_content); // Optional: Send Unraid notification that rules were updated exec("/usr/local/emhttp/webGui/scripts/notify -e 'Logs Viewer' -s 'Sigma Rules Updated' -d 'New threat definitions downloaded' -i 'normal'"); } } ?> 6. Extra Features to Make it Stand OutMITRE ATT&CK Badges in UI: Modify the Alerts tab in unraid-logsviewer to parse the tags array from the Sigma rules. Display visual badges (like T1078 - Valid Accounts or Initial Access) next to the alert in the dashboard. Severity Mapping to Unraid's Notify: Map Sigma rule severities directly to Unraid's notification levels. Sigma low/medium -> Unraid -i 'normal' Sigma high -> Unraid -i 'warning' Sigma critical -> Unraid -i 'alert' Regex Timeout Guard (ReDoS Protection): Since unraid-logsviewer already limits backtracking limits (pcre.backtrack_limit) to prevent ReDoS (Regular Expression Denial of Service) [1], make sure you apply this same restriction via ini_set('pcre.backtrack_limit', 100000); before looping the Sigma regexes. Whitelisting/Exclusions: Allow users to suppress specific Sigma alerts directly from the WebGUI (e.g., clicking a "Mute Rule" button on the Alerts tab). This saves an array of muted Rule IDs to a whitelist.json file, and your PHP loop will simply continue; if the matched rule ID is in that list.
  6. First of all, excellent plugin, thanks On the other hand, can you make it so it can cover all the space? by taking all the space available maybe you can get some ideas from dozzle like having the left panel to navigate ,
  7. via MCP is possible to limit changes on unraid? like an MCP setting that only allow to consume data but not to change or modify anything in unraid, like a read only mode where any MCP skill that changes anything in unraid is blocked by the plugin
  8. Could all this be packaged in a plugin for unRAID?
  9. It would be nice support for global ENV file with custom path
  10. I need this to support Falco FalcoDeploy as a containerLearn how to run and manage Falco as a container Please add it. Unraid security options are extremely limited
  11. Can you add options to configure the statup order of the stacks and delays between them? How is the migration from the old docker compose manager? Do i have to unistall it first? What about auto updates? Any plan for this?
  12. So when I pressed "y" at the end, the program just exit, leaving the cmd again. The same happened to you? how long did you wait to reboot?
  13. It's still working fine, did it solve the issue?
  14. If I uninstall the plugin it will revert to default everything? It applies settings on boot right?
  15. Are this definitions right "Balanced Performance" - Set all CPUs frequency scaling to balanced_performance. Balances performance and power usage, with a slight bias toward efficiency. "Balanced Power" - Set all CPUs frequency scaling to balanced_power. Balances power and performance, but with a slight performance bias. It's confusing
  16. As a reference is not needed, it works without it apparently, and it's an "unsafe" practice.
  17. Network config Docker Settings eth4 or its vlans don't appear I have rebooted, apply the settings several times but always the same result.... can anyone help me to troubleshoot this bug? Diagnostic file attached unraid-diagnostics-20250708-2208.zip
  18. Tailscale in LXC containers · Tailscale Docs To configure this, this is the right way? is "lxc.cap.drop =" needed? # Allow Tailscale to work lxc.cap.drop = lxc.cgroup2.devices.allow = c 10:200 rwm lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
  19. No, still consuming 4 or 5 gb, in previous versions 21. A lot of people have been reporting this here and in reddit but officially there is no acknowledge officially by unRAID
  20. And could you please consider to implement the concept of global env in combination with the "local" one? You could add the setting here for the global path env And then modify the code to run both env files in case the global one exist. This is the script I use to launch after array start, the problem is that isn't "compatible" with compose manager since I can't use a global env #!/bin/bash # Exit on error, unset variables, and pipefail set -eo pipefail sleep 10 echo "⏹️ Checking running containers..." running_containers=$(docker ps -q) if [ -n "$running_containers" ]; then echo "⏹️ Stopping all running containers..." docker stop $running_containers echo "✅ Containers stopped successfully." else echo "✅ No running containers." fi echo "" # Base path for docker-compose files base_path="/mnt/services/docker/git/homeserver/docker-compose" # Path to the global .env file global_env_file="$base_path/.env" # Check if global .env exists if [ ! -f "$global_env_file" ]; then echo "⚠️ Global .env file not found at $global_env_file — proceeding anyway." fi # Function to parse .env file into an associative array parse_env_file() { local file=$1 declare -n env_map=$2 # Use -g if you need it globally, but local nameref is good here # Read only lines that are not comments and contain an equals sign while IFS='=' read -r key value || [[ -n "$key" ]]; do # Basic sanitization of key, skip if key is empty after read key=$(echo "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//') if [[ -z "$key" ]]; then continue fi # Trim spaces from value value=$(echo "$value" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//') # Remove quotes if present (handles simple cases) value="${value#\"}"; value="${value%\"}" value="${value#\'}"; value="${value%\'}" env_map["$key"]="$value" done < <(grep -Ev '^[[:space:]]*#|^[[:space:]]*$' "$file" | grep '=') } # List of services with their delay in seconds (format: "service:delay") services_with_delays=( "adguardhome5:0" "adguardhome6:0" "administration:0" "komodo:0" "homeautomation:0" "media:0" "webproxyint:60" "safeline:30" "webproxydmz:0" "monitoring:0" "backup:0" #"portainer:10" #"dockge:10" #"immich:10" ) # List of containers to stop at the end containers_to_stop=( "Netdata" ) # Start services with delays for entry in "${services_with_delays[@]}"; do IFS=":" read -r service delay <<< "$entry" compose_file="$base_path/$service/docker-compose.yml" local_env_file="$base_path/$service/.env" echo "" echo "🚀 Starting service: $service" # Check if the docker-compose file exists if [ ! -f "$compose_file" ]; then echo "❌ Compose file not found for $service at $compose_file. Skipping." continue fi # Check for env file collisions if [ -f "$global_env_file" ] && [ -f "$local_env_file" ]; then declare -A global_vars declare -A local_vars parse_env_file "$global_env_file" global_vars parse_env_file "$local_env_file" local_vars for key in "${!global_vars[@]}"; do if [[ -n "${local_vars[$key]}" ]]; then echo "⚠️ Variable override detected for '$key'" echo " 🌐 Global value: ${global_vars[$key]}" echo " 📁 Local value: ${local_vars[$key]}" fi done fi # Build docker compose command arguments compose_cmd_args=("-f" "$compose_file") # Add global .env file if it exists if [ -f "$global_env_file" ]; then compose_cmd_args+=("--env-file" "$global_env_file") fi # Add local .env file if it exists if [ -f "$local_env_file" ]; then compose_cmd_args+=("--env-file" "$local_env_file") fi # Run docker compose with the accumulated arguments compose_cmd_args+=("up" "-d") echo "🐳 Executing: docker compose ${compose_cmd_args[*]}" if docker compose "${compose_cmd_args[@]}"; then echo "✅ Service $service started successfully." else echo "❌ Failed to start service $service. Check output above." # Consider 'exit 1' or other error handling if a service fails to start fi echo "⏳ Waiting $delay seconds..." sleep "$delay" done echo "" echo "✅ All services have been started in order." echo "" # Stop specific containers at the end of the process echo "🛑 Stopping specific containers at the end of the process..." for container in "${containers_to_stop[@]}"; do if docker ps -q -f name="^${container}$" > /dev/null; then docker stop "$container" echo "✅ Container stopped: $container" else echo "ℹ️ Container not running or not found: $container" fi done echo "" echo "🏁 Process completed."
  21. I'm getting this error .env doesn't exist: /mnt/services/docker/git/homeserver/docker-compose/ Any idea why? Does it replace the env file that is in the same path than the yml? or it's actually a global env? I want both files to be available to the compose project. Basically if I remember well I can achieve this with docker compose \ -f /mnt/services/docker/docker-compose/Monitoring/docker-compose.yml \ --env-file /mnt/services/docker/docker-compose/.env \ ##GLOBAL --env-file /mnt/services/docker/docker-compose/Monitoring/.env \ ##SPECIFIC ENV up -d
  22. Docker compose official support Current templates could be just compose files, migration would be easy, templates to compose files could be automated. It makes sense to use compose since it's an universal standard and not the unRAID templates
  23. Docker released Docker Scout. I think it would be interesting at least to have the scout-cli already included in Unraid by default. An step further would be an additional page in unraid to see a report of the vulnerabilities found, the command line is pretty simple and the output could be easily formated for a web internface. https://docs.docker.com/scout/ https://github.com/docker/scout-cli https://docs.docker.com/scout/dashboard (this is only docker hub, doesn't apply just interesting)
  24. @primeval_god Could you please add the option to use a global env? It would be easier to manager in a single file things like common variables, IPs, etc

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.