Log file dealing


(Marko Dargel) #1

NethServer Version: 7.4 ELREPO-Kernel
Hello, is there no other way to read and analyze the log files? It's very horrible only to have the possibility to scroll through long lists.
I miss:

  • static Filtering (days, weeks, months, IPs, FQDNs, Ports, DNS-Stats and so on)
  • dynamic filter for drill down and aggregation
  • reverse order - newest entries at first.

Is there not any solution?

I believe you should have a look at FTL on pihole.

best regards, Marko


(Rob Bosch) #2

You can always check them through the terminal and ‘grep’ through the log files. Logs are in default directory /var/log/
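
The terminal approach mentioned above, worked through for three of the requests from post #1 (filter by address, newest first, aggregation). This is an added example, not written by anyone in the thread; the log lines are constructed and only assume the usual syslog layout of files such as /var/log/secure on CentOS 7.

```shell
#!/bin/sh
# Constructed sample in the syslog layout used by /var/log/secure and
# /var/log/messages on CentOS 7; host name, users and addresses are made up.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Mar  3 09:14:02 ns sshd[2101]: Failed password for root from 192.0.2.10 port 50122 ssh2
Mar  3 09:14:09 ns sshd[2101]: Failed password for root from 192.0.2.10 port 50122 ssh2
Mar  3 09:20:41 ns sshd[2110]: Accepted password for marko from 198.51.100.7 port 40001 ssh2
Mar  4 11:02:17 ns sshd[2290]: Failed password for invalid user admin from 203.0.113.5 port 33210 ssh2
Mar  4 11:05:55 ns postfix/smtpd[2301]: connect from unknown[192.0.2.10]
Mar  4 12:00:00 ns sshd[2295]: Failed password for root from 192.0.2.100 port 41000 ssh2
Mar  4 23:59:58 ns sshd[2400]: Failed password for root from 192.0.2.10 port 50999 ssh2
EOF

# All lines mentioning one address, newest first (tac reverses line order).
# -F: treat the dots literally, not as regex wildcards.
# -w: whole-word match, so 192.0.2.10 does not also hit 192.0.2.100.
by_address_newest_first() {   # usage: by_address_newest_first IP FILE
    grep -Fw -- "$1" "$2" | tac
}

# Only the entries of one day. Syslog pads single-digit days: "Mar  3".
on_day() {                    # usage: on_day "Mar  3" FILE
    grep -- "^$1 " "$2"
}

# Aggregation: failed SSH logins per source address (IPv4 only), busiest first.
failed_logins_by_ip() {       # usage: failed_logins_by_ip FILE
    grep -F 'Failed password' "$1" |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

by_address_newest_first 192.0.2.10 "$SAMPLE"
on_day "Mar  3" "$SAMPLE"
failed_logins_by_ip "$SAMPLE"
```

On a real system, replace "$SAMPLE" with the log file to inspect; rotated files under /var/log/ can be passed the same way.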


(Marko Dargel) #3

I see - you’re the crack - I’m not. But I will do my best. :grinning:

I think NethServer is such a well developed system that it should not be necessary to be a Linux/command line crack.

Best regards, Marko


(Eddie Atherton) #4

I use logwatch which e-mails me a daily report. Not as comprehensive as FTL, but easier on the eyes than scrolling through log files.

Cheers.


(Rob Bosch) #5

Believe me, I came from MS too and feared that black box as much as you do… :slight_smile: But you just should give it a try and get used to the terminal/SSH.
Using it gives you more understanding about locations of files and the logic of Linux (IMO far easier to set up than Windows… )


(Marko Dargel) #6

Hi Eddie, thanks for the hint.


(Jeroen Visser) #7

Or implement a central syslog server, and collect & analyze your logs there.

(like https://www.graylog.org/ )


(Marko Dargel) #8

@robb

#Offtopic:
I am at home on the Mac and work concurrently on the Raspi and a Synology diskstation with CHROOT.
I tried a lot of things - my first Linux was Slackware in the 90s. But I never made it to command line wizard.
Grep was always witchcraft for me, as well as regular expressions.
Thank you for giving me courage, Marko


(Rob Bosch) #9

I sense a new project/NS software install/module rawrrrr


(Marko Dargel) #10

@planet_jeroen
…sounds good.

Graylog offers official DEB and RPM package repositories. The packages have been tested on the following operating systems:

Ubuntu 12.04, 14.04, 16.04
Debian 7, 8, 9
RHEL/CentOS 6, 7

The repositories can be set up by installing a single package. Once that’s done the Graylog packages can be installed via apt-get or yum.

Thanks, Marko


(Jeroen Visser) #11

https://www.elastic.co/solutions/logging looks nice too, and I heard great stories about it.


(Marko Dargel) #12

@robb
In my opinion: an essential component for a higher acceptance and distribution of NethServer.
Preferably integrated as an application like ntopng.
Sincerely, Marko


(Jeroen Visser) #13

To be fair, the search function works pretty nice … you just enter the value to filter on, and it will access all listed logs in search of it, and present those that contain hits. Upon opening, you will only get the results with matches.

If you know vaguely what to look for, it is hard to miss, actually.


(Michael Kicks) #14

I would like to have “more coded” features…

  • Live log streaming on page, with highlight and filtering boxes to highlight interesting things or cut out uninteresting ones
  • JavaScript-based filtering, for archived logs, for more responsive output.


(Marko Dargel) #15

That's the point. Often I don’t know and I have to learn what I should know.


(Jeroen Visser) #16

That's where vague comes along … you can literally search for ANY known value, and browse a bit.

Connection issues? Look for your own IP or the username entered.
FTP issues? Look for FTP.
Mail issues? Look for smtp, imap, sogo or the like.

If you apply your non-nethserver-specific knowledge to the topics, you will easily get there. The manual helps a lot too. It’s mostly up to date, and a wealth of ‘gotcha’ information, instead of exhaustive lists with features you will likely never use.


(Marko Dargel) #17

I really like this project, especially since you get the feeling that everything is (somehow) doable. And everyone helps as best they can.


(Filippo Carletti) #18

I can’t check right now, but I think that the new log viewer has some of the features you like.
See here for instructions to install cockpit:


(Marko Dargel) #19

Thank you @filippo_carletti.
But the installation fails:

    [root@nethserver ~]# yum --enablerepo=nethserver-testing install nethserver-cockpit nethserver-cockpit-dummy
    Geladene Plugins: changelog, fastestmirror, nethserver_events
    base                                                     | 3.6 kB     00:00
    centos-sclo-rh                                           | 2.9 kB     00:00
    centos-sclo-sclo                                         | 2.9 kB     00:00
    elasticsearch-5.x                                        | 1.3 kB     00:00
    elrepo                                                   | 2.9 kB     00:00
    elrepo-extras                                            | 2.9 kB     00:00
    elrepo-kernel                                            | 2.9 kB     00:00
    epel/x86_64/metalink                                     |  30 kB     00:00
    extras                                                   | 3.4 kB     00:00
    graylog                                                  | 2.9 kB     00:00
    mongodb-org-3.6                                          | 2.5 kB     00:00
    nethforge                                                | 4.0 kB     00:00
    nethserver-base                                          | 2.9 kB     00:00
    nethserver-testing                                       | 2.9 kB     00:00
    nethserver-updates                                       | 4.1 kB     00:00
    updates                                                  | 3.4 kB     00:00
    nethserver-testing/7/x86_64/primary_db                     |  74 kB   00:00
    Loading mirror speeds from cached hostfile
     * base: mirror.fra10.de.leaseweb.net
     * elrepo: ftp.nluug.nl
     * elrepo-extras: ftp.nluug.nl
     * elrepo-kernel: ftp.nluug.nl
     * epel: ftp.nluug.nl
     * extras: mirror.daniel-jost.net
     * nethforge: smart-ict.services
     * nethserver-base: smart-ict.services
     * nethserver-updates: smart-ict.services
     * updates: mirror.418grad.media
    Kein Paket nethserver-cockpit verfügbar.
    Kein Paket nethserver-cockpit-dummy verfügbar.
    Fehler: Nichts zu tun

best regards, Marko


(Filippo Carletti) #20

The package is no longer in the testing repository. I suspect a cleanup script did its job too aggressively. :slight_smile:
I tried to rebuild the package, but failed:

    cp: cannot stat ‘ui/system/nethserver-cockpit-ui-*.tar.gz’: No such file or directory

I hope that @davidep or @giacomo will be able to build it next Monday.