Skip to content
/ tails Public
forked from portertech/tails

Aggregate your syslog messages & filter for those that matter in real time.

github.com/portertech/tails

License

MIT license
1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tomashley/tails

BranchesTags
 
 

Repository files navigation

Aggregate your syslog messages & filter for those that matter in real time.

How It Works

Tails acts as a syslog server, collecting messages via UDP. Messages are broadcasted to your browser using a HTML 5 WebSocket.

The browser is responsible for message filtering, separating them into defined “streams”.

You can create steams, each with their own filter terms (regular expressions).

For example:

You could tail SSH logins with the term:

sshd

Or ignore LDAP messages with the term:

^(?!.*slapd).*$

Messages are non-persistent and they are automatically pruned.

Demo

You can find a working demo Here, protected with HTTP auth (admin:admin).

Requirements

Clients

  • rsyslog or syslog-ng

Server

  • Node.js v0.4.1

Interface

  • A browser with WebSocket support

Install & Configure

Server

Install with Chef

For those who are OpsCode Chef users, a cookbook is available Here.

Install Node.js v0.4.1

cd /usr/local/src
wget http://nodejs.org/dist/node-v0.4.1.tar.gz
tar -xvf node-v0.4.1.tar.gz && cd node-v0.4.1
export JOBS=2
./configure --prefix=/usr/local/node
make
sudo make install
export PATH=/usr/local/node/bin:$PATH
echo "export PATH=/usr/local/node/bin:$PATH" | sudo tee -a /etc/profile
node -v

Install Tails

cd /usr/local/src
wget https://github.com/downloads/portertech/tails/tails-0.0.1.tar
tar -xvf tails-0.0.1.tar -C /opt && cd /opt/tails

Configure Tails

Tails uses a single JSON file for configuration.

config.json:

{
  "version": "v0.4.1",
  "http": {
    "auth": {
      "username": "admin",
      "password": "admin"
    },
    "port": 80
  },
  "syslog": {
    "port": 514
  }
}

Run

Node.js process monitoring is outside the scope of this readme, you can run with nohup.

cd /opt/tails && sudo nohup node server.js &

Clients

Append the following to your configuration file for your prefered syslog service.

Replace “tails.example.ca” with the hostname or IP address of your server running Tails.

Rsyslog

*.* @tails.example.ca:514

Syslog-ng

destination tails { udp("tails.example.ca" port(514)); };
log { source(s_all); destination(tails); };

Restart the service after the change.

What’s Next

  • [ ] Pause & resume tail
    • buffer incoming messages when paused, force resume when the buffer reaches a certain size
  • [ ] Export paused tail to csv

CRUD

curl -id ‘name=foo’ localhost/streams

curl -i localhost/streams –> {“foo”:{“name”: “foo”, “terms”:[]}

curl -id ‘term=bar’ localhost/streams/foo/terms

curl -i localhost/streams –> {“foo”:{“name”: “foo”, “terms”:[“bar”]}}

curl -iX DELETE localhost/streams/foo/terms/bar

curl -iX DELETE localhost/streams/foo

Contributors

Sean Porter

Justin Kolberg

About

Aggregate your syslog messages & filter for those that matter in real time.

github.com/portertech/tails

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published