kippo log playback via web
Tomasz Miklas
I'm looking for more info on setting up ajaxterm or similar (there is
one more tool that could work) to play the logs back via www interface
- something like http://kippo.rpg.fi/playlog/?l=20091122-075013-5055.log
Anyboy got more info how to get it done? All I end up with is 'session
ended' and nothing in realt-time :-/
Tomasz
Upi Tamminen
This text file describes the relevant stuff to get ajaxterm running with
kippo:
http://yog-sothoth.dragonlight.fi/kippo-ajaxterm.txt
Unfortunately i never made this into a proper patch & howto...
Actually I would like to implement this using some completely browserside
code.. maybe with the help of wterm, termilib or similar.
Or maybe just a simple conversion tool like the guys at
http://iwatchedyourhack.org/ have.
> --
> You received this message because you are subscribed to the Google Groups "kippo users" group.
> To post to this group, send email to kippo...@googlegroups.com.
> To unsubscribe from this group, send email to kippousers+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/kippousers?hl=en.
>
Tomasz Miklas
I just posted about iwatchedyourhack seconds ago - lol at me :)
My plan is to somehow automate using ajaxterm or similar thing so I
could automatically play the new logs as they show up. That's to make
it easier for 'watchers' :)
Theoretical scenario is that I deploy kippo somewhere at some friendly
org (they let me use their IP space) and they are big enough to have
NOC/on-call staff/similar unit. I want to be able to email them (and
myself) an URL to any new session log as it shows up - web based
playback is the most efficient way to get such people look at the log
and see what's going on.
Tomasz
Tomasz Miklas
Description is very brief but sufficient to get it running. Sorry for
my lazy formatting below - don't have time for anything better now :-/
1. Get stuff and patch
wget http://yog-sothoth.dragonlight.fi/kippo-ajaxterm.tar.gz
wget http://yog-sothoth.dragonlight.fi/ajaxtermfix.patch
patch -p0 < ajaxterfix.patch
2. Open ajaxterm.py in editor and as Upi said - Grep for "/home/
desaster"... and fix the paths :-)
3. Run ajaxterm.py (no real need to install it even) and it will
listen on port 8022 by default
4. Set proxy in apache as below (or equivalent)
<Location /playlog>
ProxyPass http://localhost:8022 ttl=60
ProxyPassReverse http://localhost:8022
Order deny,allow
Allow from all
</Location>
5. Hit the web server on http://hostname/playlog/?l=<logfile_to_play>
- that's it!
Hint:
For lazy people (like myself), here's a short perl script that
generates list of logs (./genlogs.pl > logs.html):
=== cut ===
#!/usr/bin/perl
use strict;
use warnings;
# some settings
my $logdir = '/home/kippo/kippo/log/tty/';
my $url = 'http://hostname/playlog';
my $new_on_top = 1; # 0 / 1
print "<html><body>\n";
# remove 87 byte logs - they are empty
chomp(my @in = `ls -l $logdir | grep -v ' 87 '`); # laaaazyyyyyy!
# remove non .log files
@in = grep (/log$/, @in);
map { s!.*?\s+(\d+)\s+(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(.*?)$!$2 -
<a href="$url/?l=$3">$3</a> ($1 bytes)<br>! } @in;
print join "\n", $new_on_top ? reverse @in : @in;
print "\n</body></html>\n";
=== cut ===
Have fun!
Tomasz Miklas
Sometimes I really miss quote tags from forums :)
AndrewWaite
thanks for sharing, I've had this on my to-do list but kept putting it
off. With some proven install docs I'll kick it up the list.
One thing that I've been looking at with regard to this and publishing
playback publically, [how] do you anonymise the tty playback files?
Thinking things like removing kippo server IP address etc?
--Andrew
Tomasz Miklas
I'm ok to share data based on log content or db, but not on playback.
Those guys use copy'n'paste most of the time, so looking at the text log they most likely won't notice (they do it many times a day), but when they see a 'video' of it with all their typos and responses they got... That would ring the bell in my head damn loud ;)
Tomasz