
glTrail on ArchLinux

glTrail is a tool for viewing, in real time, the relations and activity recorded in any supported logfile format.

It gives a nice visualization of websites (you can easily see the most visited sections of the site), SSH connections, etc.
You can tune the log parsing by modifying the configuration file gltrail.ini.

You can grab the source code at https://github.com/Fudge/gltrail/

As I run a great ArchLinux machine, I will use pacman for the installation.
The logs are stored on a Debian machine.

According to the README file, after installing the Qt dev headers only a qmake command is needed for the installation.
glTrail can work in different modes:

  1. ./bin/gltrail gltrail.ini => custom init file
  2. ./bin/gltrail --digg => digg activity
  3. ./bin/gltrail --twitter => activity in the twitter feed

[shell]
arch /usr/local/src/gltrail # cat README
1. Install qt4-development packages and qmake
(sudo apt-get install qt4-dev-tools)
2. qmake -unix -recursive -o Makefile gltrail.pro && make
3. cp gltrail.ini-example gltrail.ini
(and replace with your information)
4. ./bin/gltrail gltrail.ini
./bin/gltrail --digg
./bin/gltrail --twitter

Note: You’ll need public-key ssh access set up to your servers,
as I haven’t found a good/free cross-platform ssh library.

Keys:
ESC = exit
SPACE = cycle between line modes (off, all, >10% of max traffic)
S = show/hide stats
B = cycle between size modes (rate, links in, links out,
links total, hits)
V = show repulsive forces
N = toggle discharge/receive forces

arch /usr/local/src/gltrail #
[/shell]

First step: Install xtail on the machine which owns the logs.

[shell]
ossim-server:~# apt-get install xtail
Running /usr/bin/apt-get install xtail
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
xtail
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.4kB of archives.
After this operation, 69.6kB of additional disk space will be used.
Get:1 http://archive.debian.org lenny/main xtail 2.1-5 [11.4kB]
Fetched 11.4kB in 0s (39.1kB/s)
Selecting previously deselected package xtail.
(Reading database … 72177 files and directories currently installed.)
Unpacking xtail (from …/archives/xtail_2.1-5_amd64.deb) …
Processing triggers for man-db …
Setting up xtail (2.1-5) …
ossim-server:~#
[/shell]

After installing xtail (you can also use /usr/bin/tail as is), install the Qt development headers on the visualization machine.

[shell]
arch /usr/local/src/gltrail # pacman -S extra/qt-private-headers
resolviendo dependencias…
verificando conflictos…

Objetivos (1): qt-private-headers-4.8.1-2

Tamaño de descarga: 19,91 MiB
Tamaño instalado: 178,09 MiB

¿Continuar con la instalación? [S/n]
:: Descargando paquetes desde extra…
qt-private-headers-4.8.1-2-x86_64 19,9 MiB 186K/s 01:50 [###################################] 100%
(1/1) verificando la integridad de los paquetes [###################################] 100%
(1/1) cargando los archivos del paquete… [###################################] 100%
(1/1) verificando conflictos entre archivos [###################################] 100%
(1/1) verificando el espacio disponible en disco [###################################] 100%
(1/1) instalando qt-private-headers [###################################] 100%
arch /usr/local/src/gltrail # qmake -unix -recursive -o Makefile gltrail.pro
-unix is deprecated.
Reading /usr/local/src/gltrail/src/src.pro
arch /usr/local/src/gltrail # make
.
.
.
make[1]: se sale del directorio `/usr/local/src/gltrail/src’
arch /usr/local/src/gltrail #
[/shell]

Examining the example configuration file gltrail.ini-example, you can see its conf-like structure, with two types of configuration entries: a [hosts] entry, and one [entry] per host.

[shell]
arch /usr/local/src/gltrail # cat gltrail.ini-example
[hosts]
server1.example.com=example.com
server2.example.com=example.com

[example.com]
args=/var/log/apache/access_log
command=xtail
user=myuser
pattern=[\\d\\S.]+ \\S+ \\S+ \\[[^\\]]+\\] \"([^\"]*)\" \\d+ [\\S]+ \"([^\"]+)\" \"[^\"]+\"
replace_:id=/\\d+$
replace_:md5=/[a-zA-Z0-9]{32}
ignore=\\.(jpg|png|jpeg|gif|swf|js|css|jar|ico|mp3)$
ignore_url_params=true
auto_purge=true
color=#FF4444

arch /usr/local/src/gltrail #
[/shell]

I will use the default “pattern” regexp, because Apache logs will be processed. Custom log formats can be viewed by modifying this regular expression. The user can also change the “command” variable to point to the tail program.

The user can also replace patterns, ignore entries and customize the output color.

[shell]
arch /usr/local/src/gltrail # cat gltrail.ini
[hosts]
10.50.50.1=server-home

[server-home]
#args=/var/log/libcrack/pfSense.log
#args=/var/log/messages
#args=/var/log/daemon.log
args=/var/log/apache2/access.log
command=xtail
user=root
pattern=[\\d\\S.]+ \\S+ \\S+ \\[[^\\]]+\\] \"([^\"]*)\" \\d+ [\\S]+ \"([^\"]+)\" \"[^\"]+\"
replace_:id=/\\d+$
replace_:md5=/[a-zA-Z0-9]{32}
ignore=\\.(jpg|png|jpeg|gif|swf|js|css|jar|ico|mp3)$
ignore_url_params=true
auto_purge=true
color=#FF4444

arch /usr/local/src/gltrail #
[/shell]
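Before pointing glTrail at a log, it helps to check which lines the “pattern” and “ignore” values actually let through, since anything the pattern does not match never appears in the visualization. The script below is an added example, not part of glTrail or the original post; it assumes the doubled backslashes and `\"` in gltrail.ini are INI-level escapes, that “ignore” is tested against the request path, and that ignore_url_params=true drops the query string first. The log lines are constructed.

```python
import re

# Values copied verbatim from the gltrail.ini above, still in INI-escaped form.
INI_PATTERN = r'[\\d\\S.]+ \\S+ \\S+ \\[[^\\]]+\\] \"([^\"]*)\" \\d+ [\\S]+ \"([^\"]+)\" \"[^\"]+\"'
INI_IGNORE = r'\\.(jpg|png|jpeg|gif|swf|js|css|jar|ico|mp3)$'


def ini_unescape(value):
    # Assumption: the INI reader drops one level of backslash escaping,
    # so \\d becomes \d and \" becomes ".
    return re.sub(r'\\(.)', lambda m: m.group(1), value)


PATTERN = re.compile(ini_unescape(INI_PATTERN))
IGNORE = re.compile(ini_unescape(INI_IGNORE))


def classify(line, strip_params=True):
    """Return (status, url, referrer) for one access-log line."""
    m = PATTERN.search(line)
    if m is None:
        return ("no-match", None, None)   # line never reaches the display
    request, referrer = m.group(1), m.group(2)
    parts = request.split()
    url = parts[1] if len(parts) >= 2 else request
    if strip_params:                      # assumed effect of ignore_url_params=true
        url = url.split("?", 1)[0]
    if IGNORE.search(url):
        return ("ignored", url, referrer)
    return ("shown", url, referrer)


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LINES = [
    '192.0.2.10 - - [12/May/2012:10:01:22 +0200] "GET /blog/post/42?ref=rss HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0"',
    '192.0.2.10 - - [12/May/2012:10:01:23 +0200] "GET /img/logo.png?v=3 HTTP/1.1" 200 830 "http://example.com/blog" "Mozilla/5.0"',
    # Common Log Format: no referrer or user-agent fields, so the pattern fails.
    '192.0.2.11 - - [12/May/2012:10:01:25 +0200] "GET /admin HTTP/1.1" 401 381',
    # Empty user agent: the final "[^"]+" needs at least one character.
    '192.0.2.12 - - [12/May/2012:10:01:26 +0200] "GET /login HTTP/1.1" 200 512 "-" ""',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line)[0].ljust(9), line)
```

The last two samples show the blind spots of the default pattern: requests logged without referrer and user-agent fields, or with an empty user agent, are dropped silently.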

You can grab a screen video capture of gltrail here

This is the output on the text console:

[shell]
arch /usr/local/src/gltrail # ./bin/gltrail gltrail.ini
Elements: 0
Reading config[gltrail.ini]
Reading [ossim]
Read [10.50.50.1]
[ossim] exec[ssh root@10.50.50.1 xtail /var/log/apache2/access.log]
reshape[512×512] = 1
reshape[475×454] = 0.955789
Elements: 0
Elements: 0
Elements: 0
Elements: 0
[/shell]
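The exec line above shows that glTrail always sends the same remote command, so the SSH key it uses can be pinned to that command rather than opening a root shell on the log server. The forced-command wrapper below is an added example, not part of glTrail or the original post; the `logview` account (assumed to have read access to the log, with user=logview set in gltrail.ini), the script path and the key placeholder are assumptions.

```python
#!/usr/bin/env python3
import os
import shlex
import sys

# Installed on the log server and bound to glTrail's key in
# ~logview/.ssh/authorized_keys (hypothetical account and path, placeholder key):
#   command="/usr/local/bin/gltrail-tail",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> gltrail
ALLOWED_COMMAND = "xtail"                        # same value as command= in gltrail.ini
ALLOWED_LOGS = {"/var/log/apache2/access.log"}   # same value as args= in gltrail.ini


def allowed_argv(original_command):
    """Return the argv to run if the client's request is on the allowlist, else None."""
    try:
        argv = shlex.split(original_command or "")
    except ValueError:                           # unbalanced quotes and similar
        return None
    if len(argv) < 2 or argv[0] != ALLOWED_COMMAND:
        return None
    # Exact string comparison: no options, no other paths, no "../" variants.
    if any(arg not in ALLOWED_LOGS for arg in argv[1:]):
        return None
    return argv


def main():
    # sshd places the command the client asked for in SSH_ORIGINAL_COMMAND
    # when a forced command is configured for the key.
    argv = allowed_argv(os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        sys.stderr.write("command not permitted for this key\n")
        return 1
    os.execvp(argv[0], argv)                     # run directly, no shell involved


if __name__ == "__main__":
    sys.exit(main())
```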
