Avast-ng

Avast-ng project is A Versatile Ajax Syslog Tailer for syslog-ng.

Avast-ng Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Krux
  • Publisher web site: http://devel.thcnet.net/trac/avast-ng/

Avast-ng Description

Avast-ng project is A Versatile Ajax Syslog Tailer for syslog-ng.

Avast-ng gives you the ability to sift through vast amounts of log files and display the current syslog data that is useful to you. It's a heads-up view that sifts out all the normal flotsam in your log files and displays only the messages which you have defined to be either out of the ordinary or unexpected.

With its built-in query builder, you can quickly build new filters to include or exclude log messages, all with a nifty, intuitive AJAX interface. You can also save multiple filters, to give you quick access to the data you are looking for.

Avast-ng continues to monitor your syslog messages, and automatically displays a tail-like view of the most current messages matching your filter.

Here are some key features of "Avast ng":

· Live filterable tail of syslog messages.
· Reads syslog messages stored in MySQL from syslog-ng.
· 100% AJAX interface.
· Create and edit new filters using a built-in query builder.
· Quickly change between stored filters.
· Pause output.

Syslog-ng MySQL Logging Configuration:

excerpt from syslog-ng.conf
---
# mysql destination
destination d_mysql {
    # Each log message is written to the fifo as one SQL INSERT statement.
    pipe("/var/log/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, date_time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        # Escape quote characters in the macro values so that message text
        # cannot terminate the string literals in the statement.
        template-escape(yes)
        owner("root") group("syslogng") perm(0660)
    );
};

# mysql
log { source(src); destination(d_mysql); };
---

The configuration file includes the lines necessary to send a copy of the syslog data into a MySQL database.

Saving syslog data to MySQL is a two-step process. First, syslog-ng formats the syslog data so it can be inserted into the database, and stores it in a special fifo file. Then a script is started which pipes the content of the fifo file into MySQL.

/usr/local/etc/syslog-ng/syslog_mysql.sh
---
#!/bin/sh

# Exit if a mysql client is already draining the pipe.
pid="`ps ax | grep "mysql -u avast avast" | grep -v grep | awk '{ print $1 }'`"
if [ -n "$pid" ]; then
    exit
fi

# Feed the fifo into MySQL for as long as it exists; create it on first run.
if [ -e /var/log/mysql.pipe ]; then
    while [ -e /var/log/mysql.pipe ]
    do
        /usr/local/mysql/bin/mysql -u avast avast < /var/log/mysql.pipe
        sleep 5
    done
else
    mkfifo /var/log/mysql.pipe
fi
---

This script runs as the avast user, and uses the stored password file in .my.cnf to authenticate with MySQL database syslogng.

This database has the following tables configured:

---
CREATE TABLE `logs` (
  `host` varchar(32) default NULL,
  `facility` varchar(10) default NULL,
  `priority` varchar(10) default NULL,
  `level` varchar(10) default NULL,
  `tag` varchar(10) default NULL,
  `date_time` datetime NOT NULL,
  `program` varchar(32) default NULL,
  `msg` text,
  `seq` int(10) unsigned NOT NULL auto_increment,
  PRIMARY KEY (`seq`),
  KEY `host` (`host`),
  KEY `seq` (`seq`),
  KEY `program` (`program`),
  KEY `priority` (`priority`),
  KEY `facility` (`facility`)
);

CREATE TABLE `filters` (
  `name` varchar(32) default NULL,
  `rule` text,
  `seq` int(10) unsigned NOT NULL auto_increment,
  PRIMARY KEY (`seq`),
  KEY `host` (`name`),
  KEY `seq` (`seq`)
);

# a default sample filter that removes common up/down messages for catalyst switches
# assuming you setup your devices to log to the facility local7
INSERT INTO `filters` (name, rule) VALUES
("default", "facility = 'local7'"),
("default", "msg not like '%Autosaving system configuration to NVRAM%'"),
("default", "msg not like '%Auxiliary vlan%'"),
("default", "msg not like '%changed state to down%'"),
("default", "msg not like '%changed state to up%'"),
("default", "msg not like '%cisco-phone detected on port%'"),
("default", "msg not like '%cisco-phone no longer detected on port%'"),
("default", "msg not like '%has become dot1q trunk%'"),
("default", "msg not like '%has become non-trunk%'"),
("default", "msg not like '%joined bridge port%'"),
("default", "msg not like '%last message repeated%'"),
("default", "msg not like '%left bridge port%'"),
("default", "msg not like '%link down/up%'"),
("default", "msg not like '%powered but no link up%'"),
("default", "msg not like '%SSH%'");
---

Additionally, the avast user is granted access rights to read and write data to the avast database.

What's New in This Release:

· User input was sanitized to prevent possible MySQL injections.
· Additional checks on user input and error handling were added.
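Why template-escape(yes) matters in the d_mysql destination above, shown as an added example that is not part of Avast-ng or syslog-ng: a Python model renders the page's INSERT template with and without escaping and checks that the statement still carries exactly eight string literals. The escape() routine is an assumed approximation of syslog-ng's behaviour, the function names are hypothetical, and the sample record is constructed.

```python
import string

# The INSERT template from the syslog-ng.conf excerpt above.
TEMPLATE = (
    "INSERT INTO logs (host, facility, priority, level, tag, date_time, program, msg) "
    "VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', "
    "'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );"
)

def escape(value):
    # Assumed model of template-escape(yes): backslash-escape ', " and \.
    return "".join("\\" + ch if ch in "\\'\"" else ch for ch in value)

def render(fields, template_escape):
    if template_escape:
        fields = {name: escape(value) for name, value in fields.items()}
    return string.Template(TEMPLATE).substitute(fields)

def string_literals(sql):
    # Decode single-quoted literals with backslash escapes; None if one never closes.
    literals, i = [], 0
    while i < len(sql):
        if sql[i] != "'":
            i += 1
            continue
        i, buf = i + 1, []
        while i < len(sql) and sql[i] != "'":
            if sql[i] == "\\" and i + 1 < len(sql):
                i += 1  # the escaped character is taken literally
            buf.append(sql[i])
            i += 1
        if i >= len(sql):
            return None
        literals.append("".join(buf))
        i += 1
    return literals

def is_intact(sql, fields):
    # Intact means eight literals, the last one being the original message.
    literals = string_literals(sql)
    return literals is not None and len(literals) == 8 and literals[-1] == fields["MSG"]

# Constructed sample record: the message carries ordinary quote characters.
SAMPLE = {
    "HOST": "sw-core-1", "FACILITY": "local7", "PRIORITY": "notice", "LEVEL": "notice",
    "TAG": "bd", "YEAR": "2024", "MONTH": "01", "DAY": "15", "HOUR": "10", "MIN": "30",
    "SEC": "00", "PROGRAM": "sshd", "MSG": "authentication failure for user 'bob'",
}

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, is_intact(render(SAMPLE, flag), SAMPLE))
```

Without escaping, the quotes inside the message split the last value into extra literals, so the row is either rejected by MySQL or stored with the wrong content.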

