Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Logfiles Made Interesting with glTail

CmdrTaco posted about 7 years ago | from the because-you-can dept.

131

Fudgie writes "My boss claimed it was pretty much impossible to create an entertaining way to visualize server traffic and events in a short time frame, so of course I had to prove him wrong. A weekend of neglecting my family produced a small ruby program which connects to your servers via SSH, grabs and parses data from Apaches access log and Ruby on Rails production log, and displays your traffic and statistics in real-time using a simple OpenGL interface (tested under Linux and Mac OS/X). It's a bit hard to explain over text, so please have a look at fudgie.org for an example movie, and more information."

Sorry! There are no comments related to the filter you selected.

Oh dear... (5, Funny)

DamonHD (794830) | about 7 years ago | (#20887681)

...I'm afraid that's the nearest I've seen to a simulated pissing contest ever! B^>

Rgds

Damon

Re:Oh dear... (0)

Anonymous Coward | about 7 years ago | (#20887721)

And when the big blobs appear, does that mean he's passing stones?

Re:Oh dear... (1)

Nimey (114278) | about 7 years ago | (#20889257)

I think those are blobs of spooge. Excitement from having such a large request, possibly.

Oh great... (5, Funny)

GodlikeDoglike (600594) | about 7 years ago | (#20887705)

...we just made his log screen look like a bukkake flick.

Just took a look at the video (2, Funny)

Centurix (249778) | about 7 years ago | (#20887709)

And it looks like lots of things taking a wee. Once the site is slashdotted, it'll be a veritable golden shower...

Nice work though.

Wait, what... they're not interesting? (0)

Anonymous Coward | about 7 years ago | (#20887711)

I love looking at log files through less. Tons of fun.

Re:Wait, what... they're not interesting? (0)

Anonymous Coward | about 7 years ago | (#20888251)

Growl.

I spent a day last week tail -f'ing the access logs of two servers, and kick a couple of WebSphere 4 instances each time the xterms stopped scrolling, indicating the bloody JVMs had locked themselves up again. About every 30 minutes or so, significantly less as the load diminished in the afternoon. The time spent waiting was used to attempt to figure out just why I had to do this. To no avail, the next day we switched over to a different set of servers running the old version. Definitely not my idea of fun. Although, at least the access log is meaningful, compared to the appserver logs, full of exceptions and stack traces that result from "known errors" that haven't been fixed for almost half a decade.

Re:Wait, what... they're not interesting? (5, Interesting)

Fudgie (594631) | about 7 years ago | (#20890659)

A lot of my time at work is spent looking at logfiles from webservers, applications servers, and databases looking for things about to break down, but after I introduced this I just need to glance at a screen to instantly see if some server has stopped answering, is taking too long to answer, or is generating way more exceptions than normal. I also add an event (the login text bouncing down the screen in the movie) on each money generating activity, which always amazes marketing people when they walk by.

Re:Wait, what... they're not interesting? (1)

mboverload (657893) | about 7 years ago | (#20890945)

Very cool.

This is the first time I have felt I needed to say anything on Slashdot in a while.

Well done, sir.

engineering management 101 (5, Funny)

Anonymous Coward | about 7 years ago | (#20887729)

tell the engineer it can't be done

Re:engineering management 101 (0)

Anonymous Coward | about 7 years ago | (#20888125)

Greatest comment ever.

Re:engineering management 101 (1)

mattgreen (701203) | about 7 years ago | (#20888253)

It really is. Kudos to the original poster, I chuckled quite a bit.

Re:engineering management 101 (3, Funny)

H310iSe (249662) | about 7 years ago | (#20889309)

Just want to give props, very nice you made my morning. Now to convert this to a heads up display for my helmet and I'm 1 step closer to becoming the motorcycle hacker I always dreamed I could be. And 1 step closer to earning a darwin award...

Visitorville (4, Interesting)

Anonymous Coward | about 7 years ago | (#20887759)

The most entertaining way I ever saw to view logs was Visitorville [visitorville.com] -its kind of like SimCity meets web logging.

Looks promising (0)

Anonymous Coward | about 7 years ago | (#20887761)

Can the same concept be used for graphing network traffic, perhaps from netflow?

Re:Looks promising (5, Interesting)

Fudgie (594631) | about 7 years ago | (#20887787)

Anything put into a logfile could be parsed and shown. I've tried with emails, shoutcast listeners and server logins, but they're not as interesting to show in the movie as I don't have the kind of traffic to make it useful.

Re:Looks promising (1)

MarkRose (820682) | about 7 years ago | (#20889477)

This would be really handy for MySQL queries. My shared MySQL server runs 10 to 200 queries per second for me alone. Finding a good way to represent the data could be interesting.

Re:Looks promising (3, Funny)

DudeTheMath (522264) | about 7 years ago | (#20890371)

So...how many hours of unpaid overtime did your boss get out of you?

I like getting paid for my awesome work. Kudos, though.

Not "Fudgie", glTail (4, Informative)

gumpish (682245) | about 7 years ago | (#20887779)

It's pretty obvious that fudgie.org is just the name of the site and glTail is the name of the program.

Re:Not "Fudgie", glTail (0)

Anonymous Coward | about 7 years ago | (#20887955)

There is no such thing as a "forward slash".
There is only "slash" and "backslash".
Or if you're British, it's 'stroke' not 'slash'. I'm not sure if we've got an equivalent improvement on 'backslash' though.

Re:Not "Fudgie", glTail (1)

Bert64 (520050) | about 7 years ago | (#20888325)

Also, "slash" is also British slang for "urinate".

Re:Not "Fudgie", glTail (1)

Aladrin (926209) | about 7 years ago | (#20888633)

And American slang for 'fan-fiction with male-male relationships.' What's your point?

Re:Not "Fudgie", glTail (2, Funny)

nacturation (646836) | about 7 years ago | (#20890317)

Also, "slash" is also British slang for "urinate".
And backslash is what happens if you urinate onto a parabolic surface?
 

Re:Not "Fudgie", glTail (1)

LiquidCoooled (634315) | about 7 years ago | (#20891529)

Actually, I think backslash occurs when you try pissing into the wind.

Re:Not "Fudgie", glTail (-1, Troll)

Anonymous Coward | about 7 years ago | (#20887987)

Oh what, you expect Taco to actually pay attention to what he's posting? He's only been doing this for ten years. It'll be another 15 or 20 before he begins to get article titles right...

Re:Not "Fudgie", glTail (1)

JamesRose (1062530) | about 7 years ago | (#20888091)

On the main page it says glTail, and when you click the link to read it with comments it says Fudgie, so actually, it seems both are there.

Wow ! (4, Interesting)

cheros (223479) | about 7 years ago | (#20887789)

Obligatory jokes about 'taking the piss' aside, that is brilliant. It's the ultimate 'machine that does ping' (to name an old sketch) to keep management amused, but also provides real data. I bet that screen will go ballistic when you get Slashdotted (also a good way to visualise DDoS, maybe?).

I was about to say that it's a sort of etherape on steroids, but I've just realised your visualisation could benefit etherape instead (if you don't know etherape, look it up. No tools identifies a virus infection quicker).

Class, I'm impressed.

Re:Wow ! (2, Insightful)

bughunter (10093) | about 7 years ago | (#20888323)

I bet that screen will go ballistic when you get Slashdotted

Look closer. It already is ballistic.

Re:Wow ! (1)

Poromenos1 (830658) | about 7 years ago | (#20889127)

Man, capitalize names. I got all sorts of things in my mind when I read about your EtheRape program...

Re:Wow ! (1)

nilbud (1155087) | about 7 years ago | (#20890873)

Looks like you said the secret part out loud again. You remember talking to the councillors in the hospital about the urges. Take one of the big green pills, have a good sleep and phone Dr. Green first thing in the morning. Whatever you do stay away from the zoo, remember what the judge said.

just a ploy to visualize the slashdot effect (2, Interesting)

molo (94384) | about 7 years ago | (#20887831)

Notice in the movie that one of the sites being monitored is fudgie.org, which is what is linked to here. This looks like a ploy to visualize the slashdot effect. :) Wonder what that must look like. Might tax the renderer pretty hard. I guess that is one way to get load testing done!

-molo

Re:just a ploy to visualize the slashdot effect (5, Informative)

Fudgie (594631) | about 7 years ago | (#20887863)

Still running at 30 fps with ~25 requests / second.

Re:just a ploy to visualize the slashdot effect (0)

Anonymous Coward | about 7 years ago | (#20888043)

Can you post UserAgent/OS statistics?
Please!

User agents and OS (1)

Wabbit Wabbit (828630) | about 7 years ago | (#20888623)

This would be very cool indeed.

I guess we could download the source and do it ourselves!

I don't know why so many comments were hating on this tool. As a big fan of "visualization" (Tufte books, etc.) I find Fudgie easy to understand and useful. The possibilities here are amazing.

Kudos to you, Fudgie (er...that sounds kinda bad)

Re:just a ploy to visualize the slashdot effect (1)

Fweeky (41046) | about 7 years ago | (#20889935)

I just ran it through 10,000 Apache requests. After a minute and a half or so it stopped spewing dots from most of the graphs other than the "Content" ones, which spewed for about 8 minutes. In all those logs (about 60 seconds of activity) took 6 minutes 22 seconds CPU time on a 1.66GHz Core Duo Mac Mini.

Most of that time seems to have been spent drawing dots at maximum speed spewing out of the "Content" lines; maybe they need to increase speed in response to higher request rates so it's not waiting for them to clear the screen so much?

Re:just a ploy to visualize the slashdot effect (2, Informative)

Fudgie (594631) | about 7 years ago | (#20890597)

Not sure why it stopped for you, I've had it running throughout a slashdotting without any problems at all. Peaked at 3500 req/min and still spewed dots from all the correct places at 30 fps.

Re:just a ploy to visualize the slashdot effect (1)

Fweeky (41046) | about 7 years ago | (#20890883)

Well, each stream seems to have a maximum rate it can spew out dots; if you exceed that, they back up. If you can spew out 1,000 dots from each stream in a minute but you've got 10,000 to actually spew through it, it's going to take 10 minutes doing it.

Re:just a ploy to visualize the slashdot effect (5, Interesting)

Fudgie (594631) | about 7 years ago | (#20887965)

http://www.fudgie.org/slashdotted.jpg [fudgie.org] for how that looks.

That's no moon (1)

rjamestaylor (117847) | about 7 years ago | (#20888035)

Serious prostrate problems at Fundie.org, it appears... I'm looking forward to plugging this in to sysstat for some over-utilized servers I manage....

Re:just a ploy to visualize the slashdot effect (1)

foobsr (693224) | about 7 years ago | (#20888049)

Great work (How I love that I may contribute a positive remark ;)

CC.

Here's what it looks like when you're not ./-ed (1)

chipster (661352) | about 7 years ago | (#20888297)

http://chip.cuccio.us/gl_tail.png [cuccio.us]


Perhaps the parser doesn't like my Apache logs?

2437 frames in 5.000 seconds = 487.400 FPS
Elements[0], Activities[0]
2550 frames in 5.001 seconds = 509.898 FPS
Elements[0], Activities[0]
1182 frames in 5.002 seconds = 236.305 FPS
Elements[0], Activities[0]
987 frames in 5.001 seconds = 397.321 FPS
Elements[0], Activities[0]
2534 frames in 5.003 seconds = 506.496 FPS
Elements[0], Activities[0]
2506 frames in 5.000 seconds = 501.200 FPS
Elements[0], Activities[0]
2505 frames in 5.000 seconds = 501.000 FPS
Elements[0], Activities[0]
2603 frames in 5.000 seconds = 520.600 FPS
Elements[0], Activities[0]
2548 frames in 5.000 seconds = 509.600 FPS
Elements[0], Activities[0]
2561 frames in 5.000 seconds = 512.200 FPS
Elements[0], Activities[0]
2559 frames in 5.001 seconds = 511.698 FPS
Elements[0], Activities[0]
2567 frames in 5.029 seconds = 510.439 FPS
Elements[0], Activities[0]
2548 frames in 5.000 seconds = 509.600 FPS
Elements[0], Activities[0]
2193 frames in 5.001 seconds = 438.512 FPS
Elements[0], Activities[0]
2300 frames in 5.000 seconds = 460.000 FPS
Elements[0], Activities[0]
2508 frames in 5.001 seconds = 501.500 FPS
Elements[0], Activities[0]

Re:Here's what it looks like when you're not ./-ed (1)

chipster (661352) | about 7 years ago | (#20888643)

I figured it out.

My apache config has the "HostNameLookup" feature enabled for the logs.

The ruby script's apache log regex parser only allowed for IP's in the logs. I changed it from [\d.] to [a-z0-9.] (line 87).

Bingo.

PS: THis is a pretty neat script.

Re:Here's what it looks like when you're not ./-ed (1)

Fudgie (594631) | about 7 years ago | (#20888699)

Ah. I turned that off in '00 and forgot all about it. Sorry. :-)

Re:Here's what it looks like when you're not ./-ed (1)

chipster (661352) | about 7 years ago | (#20888733)

No worries! Ideally, hostname lookups introduce extra load and traffic anyway :) The a-z0-9 should capture IP's and hostnames.

Nice work.

Re:just a ploy to visualize the slashdot effect (1)

eclectro (227083) | about 7 years ago | (#20888377)

Wow, it's like slashdot hurls chunks.

Re:just a ploy to visualize the slashdot effect (1)

o2sd (1002888) | about 7 years ago | (#20891933)

Wow, it's like slashdot hurls chunks.

I say hurl. If slashdot blows chunks and fudgie comes back, shes yours. If it spews and fudgie runs, it was never meant to be.

Re:just a ploy to visualize the slashdot effect (2, Interesting)

nacturation (646836) | about 7 years ago | (#20890373)

Very nice. One suggestion: rather than have each side's dots fall off at the bottom of the opposite side, how about matching up serving requests with the originating referral so that the dots go to the corresponding spot on the right? Also, if you're not familiar with Flight Patterns [ucla.edu] it's along the same lines. Borrowing from that, it'd be quite interesting to show a 2D map arranged in a hub and spoke model with the center being the site(s) and the spokes representing the top 10 (or 20... configurable) referring sites with a special case for search engines.

Well, perhaps I'll have to learn Ruby and hack this myself. The script certainly looks clean enough.
 

Re:just a ploy to visualize the slashdot effect (2, Interesting)

Fudgie (594631) | about 7 years ago | (#20891097)

Interesting idea. Shouldn't be too hard to try something like that, I already have some code in there doing something similar meant for incoming emails, uploads and other data going into the servers/sites. Try adding :type => 5 to the URL activities for an example. -- Erlend

doom (1)

rucs_hack (784150) | about 7 years ago | (#20887841)

didn't someone once do a version of doom that displayed network activity?

I recall seeing screenshots, but that was years ago.

Re:doom (4, Informative)

xappax (876447) | about 7 years ago | (#20887883)

perhaps you mean this: http://www.cs.unm.edu/~dlchao/flake/doom/ [unm.edu]

Re:doom (1)

rucs_hack (784150) | about 7 years ago | (#20887899)

ah yes, that was it, not for networks then.

I loved this line: (1, Funny)

Anonymous Coward | about 7 years ago | (#20888179)

I loved this line:

"Certain processes are vital to the computer's operation and should not be killed. For example, after I took the screenshot of myself being attacked by csh, csh was shot by friendly fire from behind, possibly by tcsh or xv, and my session was abruptly terminated."

Re:I loved this line: (1)

lahi (316099) | about 7 years ago | (#20888425)

I can see why that approach didn't take off. (The idea seems to be 8 years old.)

However, the line you quote is quite satisfying: csh certainly deserves to be shot. Of course, so do users of csh. This also applies to tcsh of course.

-Lasse

Re:I loved this line: (1)

Seumas (6865) | about 7 years ago | (#20889777)

My sick great-grandmother uses csh, you insensitive clod!

Re:doom (1)

aled (228417) | about 7 years ago | (#20888245)

It's a shame nobody did a newer version with Quake.

Re:doom (0)

Anonymous Coward | about 7 years ago | (#20888631)

It's clever, but...

Drastic action takes work. In a command line interface, all actions take approximately the same amount of effort. One can ls just as easily as rm -rf *, which is kind of unfortunate. In a cyberspace environment, the players are not omnipotent, so performing large actions takes time and effort.

That sounds like a big disadvantage to me! In fact, it sounds remarkably similar to the Microsoft philosophy where the user interface is optimised for the most likely tasks, but with the side effect of making less likely tasks extremely difficult and non-intuitive.

Oh, Sweeeetness! (5, Funny)

avirrey (972127) | about 7 years ago | (#20887873)

You gotta add an 'Asteroids' ship on the screen that lets you shoot down connections!

"Oh, look! Bob just logged on... let's get 'em!"

...

"IT support. How can I help you?"

"Hi, this is Bob..."

--
X's and O's for all my foes.

Re:Oh, Sweeeetness! (2, Funny)

NFN_NLN (633283) | about 7 years ago | (#20888957)

We're finally catching up to movies now... you know the cheesy and disconnected from reality sequence where some hackers enters a system by navigating a 3D maze... and the firewall is a monster you have to literally kill. The movie Masterminds comes to mind.

Re:Oh, Sweeeetness! (1)

quanticle (843097) | about 7 years ago | (#20889413)

And maybe after that you can add a tool to allow you to kill "rabbits" with "flu shots" ;-)

Wow (1)

its_me_ken_lai (459571) | about 7 years ago | (#20887903)

Man this is cool. Very cool.

Re:Wow (1)

Volatar (1099775) | about 7 years ago | (#20887981)

I highly agree, I am definatly going to check this out.

Re:Wow (1)

symbolic (11752) | about 7 years ago | (#20888557)

Agreed. I saw something similar a few years ago, but this seems a bit more refined. I think there's actually a lot you can do when combining a graphics rendering engine with something like network activity. All it takes is a little creativity, a little time, and a boss who says it can't be done.

Compiz for syslogs - ohmygawd ! (2, Funny)

udippel (562132) | about 7 years ago | (#20887961)

Luckily, I saw the movie before the meltdown of the server. It always pays to be on time. ;)

For those unlucky and late, actually, you missed a competition of peeing coloured snowflakes from the right versus doing the same from the left.
Only, the sources on the left are much better at aiming.
Plus, you have some 'Login ...' scrolling top to bottom; like the cast of a movie.

Heads up, Fudgie, it is truely the most amazing display of log files ever creeping across my eyes.
Keep the good work up, and please post again when you have something actually useful for the sysadmin.

I declare you 'King of Log Candy' !

Ob quote (4, Funny)

Provocateur (133110) | about 7 years ago | (#20887963)

All I see now is blonde, brunette, redhead.

Pretty, but? (1)

dotancohen (1015143) | about 7 years ago | (#20887991)

It's pretty, but it is useful? Actually, I think that it is. Those who review the logs ("Firefox?!? We don't need to support a web browser with only 30% market share!!!") apparently have no idea what the data means anyway. So making it pretty certainly won't hurt. And if it's pretty it just might spark interest.

Re:Pretty, but? (2, Interesting)

fmobus (831767) | about 7 years ago | (#20888255)

I believe this sort of tool is useful for realtime monitoring of net resources utilization. It can assist you giving graphic clues when something goes out of the usual parameters, like DDoS, slashdotments (sp?), router failure, etc. Depending on information being monitored and how it is displayed, it could also be used for long-term decision like buying more hardware or switching software because the current setup is not handling the load.

One nice, but more local example is the "duck" activity monitor (a windowmaker classic): a duck floats by a mass of water. If the water gets to high, it means the memory usage is high; if it has too much bubbles, processor is being hit. No percentages nor text, just a simple graphic.

A place I used to work is now trying to develop something like this: visualizations where you can tell trouble is brewing in a glance. This is useful for them because their services involved a lot of maintenance of third-party networks but having someone dedicated to nanny all systems is "dumb" and error-prone. Their solution consists of multiple screens around the office showing how the systems they are responsible for are behaving.

Re:Pretty, but? (1)

merreborn (853723) | about 7 years ago | (#20891595)

A place I used to work is now trying to develop something like this: visualizations where you can tell trouble is brewing in a glance


If you just install any of the standard RRDTool frontends out there, e.g. cacti, or my personal favorite, munin (far easier to install/extend/use than cacti), and check them regularly, it's not hard to tell when something's wrong. Traffic and usage patterns are pretty consistent from week to week on the boxes I've administered. After a month of checking graphs in munin daily, I could instantly tell when a CPU, network, memory, or process count graph was out of whack.

After a few more months, not only could I tell at a glance that something was wrong, but I could use the information in them to figure out *what* was wrong.

You'd be hard pressed to try to come up with a combined visualization that was actually *more* useful (i.e., equally data-rich) to a trained eye.

Postfix? (1)

JShadow21 (871404) | about 7 years ago | (#20888001)

I'd enjoy a postfix version

Re:Postfix? (3, Interesting)

Fudgie (594631) | about 7 years ago | (#20888019)

Shouldn't be too hard. I'll cook one up this evening.

Re:Postfix? (1)

liquidpele (663430) | about 7 years ago | (#20888065)

Any idea on how many servers it can connect to before performance issues come up?

Re:Postfix? (1)

Fudgie (594631) | about 7 years ago | (#20888233)

At work I show about 30 logfiles, divided across 10 different servers running at 50+ FPS on an old Centrino laptop with a GeForce 5xxx mobile.

Re:Postfix? (1)

MarkRose (820682) | about 7 years ago | (#20890153)

I have it monitoring Apache. At around 1000 requests per minute, I get about 10 fps on my 1750 MHz Duron. It's CPU bound, not GPU bound.

Re:Postfix? (1)

JShadow21 (871404) | about 7 years ago | (#20888095)

Awesome, thank you sir

Re:Postfix? (1)

Fudgie (594631) | about 7 years ago | (#20891115)

A basic Postfix parser cooked up and introduced in v0.02. Also includes a simple IIS parser. More refined parsing of postfix will come. :-)

GNU GPL (2, Informative)

wikinerd (809585) | about 7 years ago | (#20888117)

#!/usr/bin/env ruby # gl_tail.rb v0.01 - OpenGL visualization of your server traffic # Copyright 2007 Erlend Simonsen # # Licensed under the GPLv2

Hey, this is not the correct way to apply the GNU GPL licence. I don't know whether you had very little time available or just don't care, but the correct way is to explain exactly what licence (full title) the program is under and enable the user to find the licence (provide a copy of it and explain that the author of the licence is FSF, giving their address). We nerds of course understand completely what you mean, but other people may have no idea what you are talking about. To learn how to apply GPL on your program read this [fsf.org] .

Good work, by the way. Was there any reason you preferred GPLv2 and not GPLv3? Also from the wording of your licence I think that you intended this to be available only under v2 and not v3 (you say "Licensed under the GPLv2" without a "or any later version" clause).

Re:GNU GPL (0)

Anonymous Coward | about 7 years ago | (#20888291)

Am I the only person tired of having people defile articles about technology with this inane "Why did you license it this way?" banter? Jesus christ, it's open source and even Free Software, just because he didn't use RMS' latest and greatest toy doesn't mean you need to badger him about it.

Re:GNU GPL (1)

kamochan (883582) | about 7 years ago | (#20888605)

No, you are not the only one...

Re:GNU GPL (1)

makomk (752139) | about 7 years ago | (#20890501)

I wonder if the author has spent time doing Linux kernel development? Variants of that statement are quite common on files in it, for some reason.

Sorry, but the boss won this bet (2, Insightful)

nurb432 (527695) | about 7 years ago | (#20888315)

its still NOT entertaining.. Its more bizzare then anything else.

Re:Sorry, but the boss won this bet (1)

aftk2 (556992) | about 7 years ago | (#20888585)

I'm afraid I'd have to agree. The first thing I thought was: "Hmm..how about trying to make logfiles more readable/understandable instead?" I'm impressed by the technical acuity though.

Re:Sorry, but the boss won this bet (1)

Fudgie (594631) | about 7 years ago | (#20891157)

It's both harder for me to track a scrolling display of text moving in erratic bursts, and processing the information in each line than it is to take a quick glance at a screen and see if there are many small dots or few large ones.

syslog, not ssh+tail -f (4, Insightful)

allenw (33234) | about 7 years ago | (#20888431)

Why use ssh + tail -f when one can send the output to a centralized syslog server? There isn't any need to setup an account, keys, etc. when you can have the individual servers consolidate the data for you.

seconded (3, Insightful)

Cheesey (70139) | about 7 years ago | (#20888873)

Remote syslog also means that your servers are more secure: (a) because it is harder for crackers to falsify remote logs as they need to compromise two machines, not just one; and (b) because your visualisation program doesn't need access to SSH keys for all of the machines it monitors, so a compromise on the visualisation computer doesn't automatically mean that all of the servers can also be compromised. However, you could presumably adapt this tool to use syslog quite easily.

Re:syslog, not ssh+tail -f (1)

MarkRose (820682) | about 7 years ago | (#20889385)

You could, like me, be using a shared host where you have access to the server logs, but not to the server configuration files. This is a fantastic way to monitor performance remotely.

Re:syslog, not ssh+tail -f (1)

allenw (33234) | about 7 years ago | (#20889945)

That is a very good point. I'm used to dealing with scales beyond a single node ;) where you have access to such things.

In any case, I'm considering borrowing the idea and using it to 'watch' blocks on HDFS [apache.org] . I think it would be interesting to have a visual of blocks/files getting read/written/replicated. It might show patterns that we're otherwise not seeing.

Green balls keep killing me. (0)

Anonymous Coward | about 7 years ago | (#20888575)

Those obstacles keep getting in my way!

How do I shoot?

SSH - jeesh kill the dinosaur (-1, Troll)

DrSkwid (118965) | about 7 years ago | (#20888621)

Use of SSH is a sign you're losing.

Re:SSH - jeesh kill the dinosaur (1)

slyborg (524607) | about 7 years ago | (#20888895)

Uh, wtf are you talking about?

Re:SSH - jeesh kill the dinosaur (0)

Anonymous Coward | about 7 years ago | (#20889535)

Ignore the troll. Anyone with a PETA link for their site is obviously some type of sub-intelligent humanoid.

And replace it with what? (1)

SanityInAnarchy (655584) | about 7 years ago | (#20890667)

RDP? VNC? RSH???

Re:And replace it with what? (1)

MarkRose (820682) | about 7 years ago | (#20890777)

WTF? OMG? BBQ???

Re:And replace it with what? (1)

DrSkwid (118965) | about 7 years ago | (#20891287)

Those mechanisms are for RPC, you can choose whatever method you like when your whole IP stack is SSL encrypted, like mine [bell-labs.com] .

I'm constantly surprised at what people will plod along with!

Accessing log files via sudo? (0)

Anonymous Coward | about 7 years ago | (#20888797)

Our servers don't allow the root account ssh access, and the log file ownership is root.

Can this be made to work with sudo? (For instance, if the command argument is "sudo tail -f" instead of just "tail -f" then glTail could feed the password to the ssh session a second time? Forgive me, never used ruby.)

Re:Accessing log files via sudo? (0)

Anonymous Coward | about 7 years ago | (#20888907)

Yes, this is theoretically possible.

Re:Accessing log files via sudo? (1)

Fudgie (594631) | about 7 years ago | (#20889163)

Sure it can. You'd just need to send the sudo-command line, and send the password if you got a password prompt in return. Or you could just let other users read the access log for a while, so see how it looks before you decide if this is something you'd like to try.

Re:Accessing log files via sudo? (0)

Anonymous Coward | about 7 years ago | (#20889559)

> Can this be made to work with sudo?

No. The laws of physics would prevent this.

Running glTail on Windows (5, Informative)

Mazin07 (999269) | about 7 years ago | (#20890169)

If you want to run glTail on Windows:

1. Use the One-click Ruby installer from rubyforge (not Cygwin ruby)
2. Make sure to `gem install net-ssh`
3. Change "require 'glut'" to "require 'glut_prev'" to enable legacy GLUT ruby bindings

Took me a while to figure this out.

Audialization (1)

Aleksej (1110877) | about 7 years ago | (#20890511)

fastfinge> I used to have a program that would play a musical note every time someone hit a port. so for each port it would have a different note
fastfinge> i put it in the dmz
fastfinge> much musical entertainment
fastfinge> I should find the source for that thing again. i could change midi intruments depending on the type of packet.
fastfinge> or maybe create length and timbre data from the source IP?
2006-09-20

Booooring. (0)

Angstroem (692547) | about 7 years ago | (#20890981)

We did something similar like 10 years ago, hooking the log-file to the sound server where each port hat its individual sound and the frequency of connects directly related to the respective sound's volume.

Was rather interesting as you actually could *hear* all those Windows trojans and worms trying to dig their way into your (Linux) system.

Google called (2, Funny)

Anonymous Coward | about 7 years ago | (#20891109)

They heard about your cool project and want to subject you to a series of tedious interviews, ultimately not offering you a job because you didn't go to stanford.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?