PHP log viewer

Discuss Programming
Post Reply
byrdman
administrator
administrator
Posts: 225
Joined: Thu May 08, 2003 1:59 pm
Location: In the cloud

PHP log viewer

Post by byrdman » Wed Feb 10, 2010 12:04 pm

Does anyone know of a php script that can view/parse any log file in question? More specifically, the secure log? I want to make an admin page for my guys to view the /var/log/secure and see the logins for the past day. Some google responses mentioned placing into a mysql db first...? is that a good idea? Am I fishing here?
A long time ago, Void, you created a php script that let us look at the fw log. does that ring a bell?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Wed Feb 10, 2010 5:28 pm

Not really. I'm not sure if it's overkill for you or not but we do all our log management in Splunk now:

http://www.splunk.com/

We send as much log data as we can and it's pretty easy to make nice little reports on the log data when you get the hang of it. I believe it's free as long as you don't feed it more than 500MB/day.

byrdman
administrator
administrator
Posts: 225
Joined: Thu May 08, 2003 1:59 pm
Location: In the cloud

Post by byrdman » Thu Feb 11, 2010 9:32 am

Yeah, I was looking at that but never got around to installing it. is it resource intensive? would it kill my server if it was on the same server I am logging? or should I get my own splunk server?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Feb 11, 2010 1:08 pm

I run it on my desktop at home and have all my machines and routers/firewalls log to it and it doesn't seem to sweat over it. It's a quad core with 4GB of RAM though but it's also running a few virtual machines. Having said that I got to looking at the secure logs in Splunk and it doesn't do a good job of parsing that log out by default. You could easily create field extraction rules to get what data you wanted out of it though. If you really are only interested in looking at that one log on one server maybe a perl/php script would be the best thing for you. By the way, doesn't "logwatch" run a report on that automatically about who logged in every day? By default it should run and send a copy to root's mailbox. It contains a list of all user logons, su's, etc. If nothing else you could look at the code in that script and lift out the portion that parses the secure log.

X11
guru
guru
Posts: 676
Joined: Sun Jan 19, 2003 11:09 pm
Location: Australia
Contact:

Post by X11 » Thu Feb 25, 2010 6:21 pm

Webmin has a really simple log viewer, and is its own HTTP server.

If you want to give it a shot just extract the tarball on www.webmin.com into /usr/local since its pretty self contained and upgrades itself in the upstream. Very simple stuff really.

Post Reply