Simple web access to the logs of a host logging to a syslog-ng daemon

A quick post to describe how to access the logs for a host logging to a syslog-ng daemon through a web-interface.

Assume a 'destination clientslogs' like the following one.
If yours does not look like this, adjust the paths used below.

destination clientslogs {
        file("/green/log/ng/$HOST/$FACILITY/$YEAR$MONTH$DAY.log"
             owner(root)
             group(adm)
             perm(0644)
             dir_perm(0755)
             create_dirs(yes)
        );
};



If you don't have Apache on this host, install it.
If you are paranoid about security, limit access to it with iptables.
For every host whose logs we want to access through a web site, we create a virtual host, e.g.:
# Plain HTTP on port 80: Basic auth credentials are only base64-encoded, not encrypted.
<VirtualHost 10.21.241.4:80>
        ServerAdmin systems@rocks.net
        DocumentRoot /green/log/ng/host-name/local0
        ServerName host-name-log.ipduh.awmn
        ServerAlias host-name.log.ipduh.awmn
        ScriptAlias /cgi-bin2/ "/green/log/ng/host-name/local0"
        # Files ending in .do are executed as CGI scripts.
        AddHandler cgi-script .do
        DirectoryIndex index.do index.html

<Directory "/green/log/ng/host-name/local0">
        AllowOverride None
        Options       ExecCGI
        # Apache 2.2 access-control syntax.
        Order         allow,deny
        Allow         from all
        DirectoryIndex index.do index.html

        # The password file lives outside the DocumentRoot.
        AuthType Basic
        AuthName "host-name"
        AuthUserFile /green/log/ng/host-name/passwd/passwd
        Require valid-user

</Directory>

ErrorLog  "|/usr/sbin/rotatelogs /green/log/ng/host-name/local0/wwwlogs/error/host-name-error_log.%Y%m%d 86400"
CustomLog "|/usr/sbin/rotatelogs /green/log/ng/host-name/local0/wwwlogs/access/host-name-access_log.%Y%m%d 86400" combined
</VirtualHost>




Replace 'host-name' with the host name. Put the following script in /green/log/ng/host-name/local0/index.do:



#!/usr/bin/perl
#g0 2013 simple web-interface to logs gathered by syslog-ng

use strict;
use warnings;
my $host='example';
my $sepoch=time();
# List the current directory (the vhost DocumentRoot); stop if it is unreadable.
opendir(my $dh, ".") or die "cannot open log directory: $!";
my @cont = readdir $dh;
closedir $dh;

print "Content-type: text/html\n\n";
print "<html><head><title>$host Logs Index</title>";
print <<TOPTOP;
<style>
.ipduh{ font-size:.6em;}
a.ipduh:link {color:#0000FF; text-decoration:none; }
a.ipduh:visited {color:#0000FF; text-decoration:none; }
a.ipduh:hover {color:#000000; text-decoration:underline; }
a.ipduh:active {color:#000000; text-decoration:underline; }
</style>
</head><body>
$host
<br/>
****************************************
<br/>
TOPTOP

# Newest first: YYYYMMDD.log names sort correctly as strings, and 'cmp'
# avoids the "isn't numeric" warnings that '<=>' raises on file names.
my $file;
foreach $file (sort {$b cmp $a} (@cont)){
        # Skip everything in the directory that is not a log file.
        if($file ne ".." && $file ne "." && $file ne "wwwlogs" && $file ne "index.do" && $file ne "passwd" && $file ne '.index.do.swp' && $file ne 'stor' ){
                print "<a href=\"./$file\">$file</a><br />";
        }
}

print<<TELOS;
<br/>
****************************************
<br/>
<a class="ipduh" title="epoch $sepoch" href="http://ipduh.com/epoch/?$sepoch">$sepoch</a>
<a class="ipduh" title="ipduh.com" href="http://ipduh.com">ipduh</a>
</body></html>
TELOS


That's it! Easy!
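
The "replace 'host-name' with the host name" step, as an added example that is not part of the original post: a POSIX shell function that renders the virtual host above for one host and refuses any name that is not a single DNS label, since the name ends up in filesystem paths and Apache directives. The function names render_vhost and valid_host and the label rule are assumptions of this example; the paths, address and domain are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Paths, bind address and domain
# are the post's; valid_host, render_vhost and the label rule are assumptions.
LOG_ROOT=/green/log/ng
BIND_ADDR=10.21.241.4:80
DOMAIN=ipduh.awmn

# Accept only one DNS label: letters, digits and inner hyphens, 1-63 chars.
# This keeps '/', '..', quotes, spaces and newlines out of paths and config.
valid_host() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case "$1" in
        -*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

render_vhost() {
    h=$1
    valid_host "$h" || { echo "refusing host name: $h" >&2; return 1; }
    d="$LOG_ROOT/$h/local0"
    cat <<EOF
<VirtualHost $BIND_ADDR>
        ServerAdmin systems@rocks.net
        DocumentRoot $d
        ServerName $h-log.$DOMAIN
        ServerAlias $h.log.$DOMAIN
        ScriptAlias /cgi-bin2/ "$d"
        AddHandler cgi-script .do
        DirectoryIndex index.do index.html
<Directory "$d">
        AllowOverride None
        Options       ExecCGI
        Order         allow,deny
        Allow         from all
        DirectoryIndex index.do index.html
        AuthType Basic
        AuthName "$h"
        AuthUserFile $LOG_ROOT/$h/passwd/passwd
        Require valid-user
</Directory>
ErrorLog  "|/usr/sbin/rotatelogs $d/wwwlogs/error/$h-error_log.%Y%m%d 86400"
CustomLog "|/usr/sbin/rotatelogs $d/wwwlogs/access/$h-access_log.%Y%m%d 86400" combined
</VirtualHost>
EOF
}
```

Call it as `render_vhost web01` (a constructed host name) and redirect the output into that site's Apache configuration file; the password file named in AuthUserFile still has to be created separately with htpasswd.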


