Frontend viewing logfiles
Hi there, we have installed syslog-ng-pe with file encryption. Is there a webfrontend where we can search through the encrypted logfiles? e.g i have to set the cert-key-file in a config and then i can search the logfiles via webfrontend. Any ideas? Regards, Volker Lieder -- Mit freundlichen Grüßen/Best regards Volker Lieder System Administrator mail volker@its-lieder.de ITS-Lieder Kleinlindenerstrasse 3 35398 Giessen / Germany http://www.its-lieder.de UST-ID: DE260836372 ========================================================== Jegliche Stellungnahmen und Meinungen dieser E-Mail sind alleine die des Autors und nicht notwendigerweise die der Firma. Falls erforderlich, können Sie eine gesonderte schriftliche Bestätigung anfordern. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. If verification is required please request a hard-copy version.
Volker Lieder <support@its-lieder.de> writes:
Hi there,
we have installed syslog-ng-pe with file encryption. Is there a webfrontend where we can search through the encrypted logfiles?
BalaBit's SSB[1] is that web-frontend, pretty much. I do not know of any alternative (I would be *very* suprised, if there would be any). 1: http://www.balabit.com/network-security/syslog-ng/log-server-appliance -- |8]
Am 15.08.11 10:26, schrieb Gergely Nagy:
Volker Lieder<support@its-lieder.de> writes:
Hi there,
we have installed syslog-ng-pe with file encryption. Is there a webfrontend where we can search through the encrypted logfiles?
BalaBit's SSB[1] is that web-frontend, pretty much. I do not know of any alternative (I would be *very* suprised, if there would be any).
1: http://www.balabit.com/network-security/syslog-ng/log-server-appliance
Thank you, but we already licensed the non "blackbox". Any way to add a webfrontend to the selfinstalled version? Regards, Volker -- Mit freundlichen Grüßen/Best regards Volker Lieder System Administrator mail volker@its-lieder.de ITS-Lieder Kleinlindenerstrasse 3 35398 Giessen / Germany http://www.its-lieder.de UST-ID: DE260836372 ========================================================== Jegliche Stellungnahmen und Meinungen dieser E-Mail sind alleine die des Autors und nicht notwendigerweise die der Firma. Falls erforderlich, können Sie eine gesonderte schriftliche Bestätigung anfordern. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. If verification is required please request a hard-copy version.
Volker Lieder <support@its-lieder.de> writes:
Thank you, but we already licensed the non "blackbox". Any way to add a webfrontend to the selfinstalled version?
It *might* be possible, but it won't be pretty, nor performant. I'd suggest contacting BalaBit support (or sales, I have no idea which of the two would be more appropriate). -- |8]
@Disclaimer: this email has info about BalaBit commercial products, skip if this is not interesting for you. I concentrated on the question of the poster, so no shameless plugs, but some things had to be named to provide a meaningful answer. Thanks. On Mon, 2011-08-15 at 10:15 +0200, Volker Lieder wrote:
Hi there,
we have installed syslog-ng-pe with file encryption. Is there a webfrontend where we can search through the encrypted logfiles?
e.g i have to set the cert-key-file in a config and then i can search the logfiles via webfrontend.
If you mean logstore files under the term encrypted logfiles, then those are only available in the PE version and can be handled with command line tools such as "lgstool cat" or "lgstool tail". Other UNIX tools such as less, grep, perl and awk are handy too. $ lgstool cat /var/log/messages.lgs | grep "regexp" | less or $ lgstool tail -f /var/log/messages.lgs | grep "regexp" syslog-ng PE is the same "good old" syslog-ng. It has a very narrow scope: you will have to edit the configuration files directly and handle the log files with your own tools, just like with the Open Source version. If you want more than that, then that product is the syslog-ng Store Box. It would probably be possible to provide a web frontend for the PE version, but BalaBit has not done that, and is not in the current plans either (since that is SSB in our eyes). -- Bazsi
participants (3)
-
Balazs Scheidler
-
Gergely Nagy
-
Volker Lieder