Does anyone know of a php script that can view/parse any log file in question? More specifically, the secure log? I want to make an admin page for my guys to view the /var/log/secure and see the logins for the past day. Some google responses mentioned placing into a mysql db first...? is that a good idea? Am I fishing here?
A long time ago, Void, you created a php script that let us look at the fw log. does that ring a bell?
PHP log viewer
5 posts
• Page 1 of 1
PHP log viewer
by byrdman » Wed Feb 10, 2010 12:04 pm
- byrdman
- administrator
- Posts: 225
- Joined: Thu May 08, 2003 1:59 pm
- Location: In the cloud
by Void Main » Wed Feb 10, 2010 5:28 pm
Not really. I'm not sure if it's overkill for you or not but we do all our log management in Splunk now:
http://www.splunk.com/
We send as much log data as we can and it's pretty easy to make nice little reports on the log data when you get the hang of it. I believe it's free as long as you don't feed it more than 500MB/day.
http://www.splunk.com/
We send as much log data as we can and it's pretty easy to make nice little reports on the log data when you get the hang of it. I believe it's free as long as you don't feed it more than 500MB/day.
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
by byrdman » Thu Feb 11, 2010 9:32 am
Yeah, I was looking at that but never got around to installing it. is it resource intensive? would it kill my server if it was on the same server I am logging? or should I get my own splunk server?
- byrdman
- administrator
- Posts: 225
- Joined: Thu May 08, 2003 1:59 pm
- Location: In the cloud
by Void Main » Thu Feb 11, 2010 1:08 pm
I run it on my desktop at home and have all my machines and routers/firewalls log to it and it doesn't seem to sweat over it. It's a quad core with 4GB of RAM though but it's also running a few virtual machines. Having said that I got to looking at the secure logs in Splunk and it doesn't do a good job of parsing that log out by default. You could easily create field extraction rules to get what data you wanted out of it though. If you really are only interested in looking at that one log on one server maybe a perl/php script would be the best thing for you. By the way, doesn't "logwatch" run a report on that automatically about who logged in every day? By default it should run and send a copy to root's mailbox. It contains a list of all user logons, su's, etc. If nothing else you could look at the code in that script and lift out the portion that parses the secure log.
-
Void Main - Site Admin
- Posts: 5705
- Joined: Wed Jan 08, 2003 5:24 am
- Location: Tuxville, USA
by X11 » Thu Feb 25, 2010 6:21 pm
Webmin has a really simple log viewer, and is its own HTTP server.
If you want to give it a shot just extract the tarball on www.webmin.com into /usr/local since its pretty self contained and upgrades itself in the upstream. Very simple stuff really.
If you want to give it a shot just extract the tarball on www.webmin.com into /usr/local since its pretty self contained and upgrades itself in the upstream. Very simple stuff really.
- X11
- guru
- Posts: 674
- Joined: Sun Jan 19, 2003 11:09 pm
- Location: Australia
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest