Avast-ng 1.0.2

The Avast-ng project is A Versatile Ajax Syslog Tailer for syslog-ng. Avast-ng gives you the ability to sift through vast amounts of log files and display the current syslog data that is useful to you. It's a heads-up view that sifts out all the normal flotsam in your log files and displays only the messages you have defined to be either out of the ordinary or unexpected.

With its built-in query builder, you can quickly build new filters to include or exclude log messages, all with a nifty, intuitive AJAX interface. You can also save multiple filters to give you quick access to the data you are looking for.

Avast-ng continues to monitor your syslog messages, and automatically displays a tail-like view of the most current messages matching your filter.

Here are some key features of "Avast-ng":

Live filterable tail of syslog messages.
Reads syslog messages stored in MySQL from syslog-ng.
100% AJAX interface.
Create and edit new filters using a built-in query builder.
Quickly change between stored filters.
Pause output.

Syslog-ng MySQL Logging Configuration:

excerpt from syslog-ng.conf
---
# mysql destination
destination d_mysql {
    pipe("/var/log/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, date_time,
program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)
        owner("root") group("syslogng") perm(0660) );
};

# mysql
log { source(src); destination(d_mysql); };
---

The configuration file includes the lines necessary to send a copy of the
syslog data into a MySQL database.

Saving syslog data to MySQL is a two-step process. First, syslog-ng formats the
syslog data so it can be inserted into the database, and stores it in a
special FIFO file. Then a script is started which pipes the content of the
FIFO file into MySQL.

/usr/local/etc/syslog-ng/syslog_mysql.sh
---
#!/bin/sh

# Exit if a mysql client is already draining the pipe.
pid="`ps ax | grep "mysql -u avast avast" | grep -v grep | awk '{ print $1 }'`"

if [ "$pid" != "" ]; then
    exit
fi

if [ -e /var/log/mysql.pipe ]; then
    # Feed the INSERT statements from the pipe to MySQL; restart the client when it exits.
    while [ -e /var/log/mysql.pipe ]
    do
        /usr/local/mysql/bin/mysql -u avast avast < /var/log/mysql.pipe
        sleep 5
    done
else
    mkfifo /var/log/mysql.pipe
fi
---

This script runs as the avast user, and uses the stored password file in
.my.cnf to authenticate with MySQL database syslogng.
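
Why template-escape(yes) in the d_mysql destination matters, as an added example that is not part of Avast-ng or syslog-ng: a Python model that renders the page's INSERT template with and without escaping and checks whether MySQL would still read eight values with the message intact. The escape() function is an assumed model of template-escape(yes), the literal scanner is a simplification of MySQL's default string parsing, and the sample record is constructed.

```python
import re

# INSERT template copied from the d_mysql destination on this page.
TEMPLATE = ("INSERT INTO logs (host, facility, priority, level, tag, date_time, "
            "program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', "
            "'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
# Constructed sample record; MSG carries quotes and a backslash, as log text can.
SAMPLE = {"HOST": "sw1", "FACILITY": "local7", "PRIORITY": "notice", "LEVEL": "notice",
          "TAG": "bd", "YEAR": "2007", "MONTH": "06", "DAY": "10", "HOUR": "04",
          "MIN": "35", "SEC": "00", "PROGRAM": "sshd",
          "MSG": "login failed for user 'bob' from \"lab\\host\""}

def escape(value):
    """Assumed model of template-escape(yes): backslash, ' and " each get a leading backslash."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def render(fields, template_escape):
    """Expand each $MACRO in TEMPLATE, escaping the value only when asked to."""
    def expand(match):
        value = fields[match.group(1)]
        return escape(value) if template_escape else value
    return re.sub(r"\$([A-Z]+)", expand, TEMPLATE)

def string_literals(statement):
    """Read the single-quoted literals after VALUES roughly as MySQL does by default
    (backslash escapes honoured; the '' form is not modelled). None = unterminated."""
    text = statement[statement.index("VALUES"):]
    literals, i = [], text.find("'")
    while i != -1:
        chars, j = [], i + 1
        while j < len(text) and text[j] != "'":
            if text[j] == "\\":
                j += 1                      # keep the escaped character as-is
            chars.append(text[j:j + 1])
            j += 1
        if j >= len(text):
            return None                     # a quote was opened and never closed
        literals.append("".join(chars))
        i = text.find("'", j + 1)
    return literals

def round_trips(fields, template_escape):
    """True when MySQL would see exactly 8 values and msg equals the original text."""
    literals = string_literals(render(fields, template_escape))
    return literals is not None and len(literals) == 8 and literals[-1] == fields["MSG"]

if __name__ == "__main__":
    for flag in (True, False):
        print("template-escape", "yes" if flag else "no", "-> msg intact:", round_trips(SAMPLE, flag))
```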

This database has the following tables configured:

CREATE TABLE `logs` (
`host` varchar(32) default NULL,
`facility` varchar(10) default NULL,
`priority` varchar(10) default NULL,
`level` varchar(10) default NULL,
`tag` varchar(10) default NULL,
`date_time` datetime NOT NULL,
`program` varchar(32) default NULL,
`msg` text,
`seq` int(10) unsigned NOT NULL auto_increment,
PRIMARY KEY (`seq`),
KEY `host` (`host`),
KEY `seq` (`seq`),
KEY `program` (`program`),
KEY `priority` (`priority`),
KEY `facility` (`facility`)
);

CREATE TABLE `filters` (
`name` varchar(32) default NULL,
`rule` text,
`seq` int(10) unsigned NOT NULL auto_increment,
PRIMARY KEY (`seq`),
KEY `host` (`name`),
KEY `seq` (`seq`)
);

# a default sample filter that removes common up/down messages for Catalyst switches,
# assuming you set up your devices to log to the facility local7

INSERT INTO `filters` (name, rule) VALUES
("default", "facility = 'local7'"),
("default", "msg not like '%Autosaving system configuration to NVRAM%'"),
("default", "msg not like '%Auxiliary vlan%'"),
("default", "msg not like '%changed state to down%'"),
("default", "msg not like '%changed state to up%'"),
("default", "msg not like '%cisco-phone detected on port%'"),
("default", "msg not like '%cisco-phone no longer detected on port%'"),
("default", "msg not like '%has become dot1q trunk%'"),
("default", "msg not like '%has become non-trunk%'"),
("default", "msg not like '%joined bridge port%'"),
("default", "msg not like '%last message repeated%'"),
("default", "msg not like '%left bridge port%'"),
("default", "msg not like '%link down/up%'"),
("default", "msg not like '%powered but no link up%'"),
("default", "msg not like '%SSH%'");

Additionally, the avast user is granted access rights to read and write data
to the avast database.

What's New in This Release:

User input was sanitized to prevent possible MySQL injections.
Additional checks on user input and error handling were added.

Last updated on: June 10th, 2007, 4:35 GMT
Price: FREE!
Developed by: Krux
License type: GPL (GNU General Public License)