$Id: README.lire-client,v 1.24 2004/09/02 07:37:35 vanbaal Exp $
README file for using Lire as a client
- Introduction
lire-client allows you to anonymize your logfiles, and interpret the responses you get when sending these anonymized logfiles to a LogReport online responder, like the one running on log@<servicename>.logreport.org.
- Quickstart
In the commands below, "version" is e.g. 20001228.
$ wget http://www.logreport.org/pub/lire-version.tar.gz
$ gunzip lire-version.tar.gz
$ tar -xf lire-version.tar
$ cd lire-version
$ ./configure --prefix=$HOME/lire
Don't get scared by the output this gives.
$ make && make install
To anonymize, send and process a log, and to receive and de-anonymize the generated report, do this:
$ cd lire/bin
$ PATH=$PATH:`pwd`
Anonymize the log:
$ lr_anonymize dump < /path/to/your/logfile > log.anon
(Databases dump.inaddr, dump.maildomain, dump.ip, dump.email and dump.domain will get created; see the lr_anonymize manpage.)
Send the anonymized log:
$ gzip log.anon
$ mutt -a log.anon.gz -s "anon somehost bla bla" \
log@<service>.logreport.org < /dev/null
(or
$ mail -s "anon `hostname` `date +%Y%m%d`" log@<service>.logreport.org \
< log.anon
)
where log@<service>.logreport.org is the address of the appropriate online responder. <service> can be any of the ones listed on the Online Responder webpage at http://www.logreport.org/lire/or/ .
The first four characters of the subject of the message should be "anon".
Wait for a reply by email, and save the message body in anon.xml.
De-anonymize and format the report:
$ lr_deanonymize dump < anon.xml > report.xml
(This command reads the dump.* databases; see the lr_deanonymize manpage.)
Typeset report.xml using lr_xml2report.
(Some hints on how to automate this are at the bottom of this document.)
- Requirements
You need a recent perl (5.6.1 or higher, with the DB_File.pm module, as shipped with vanilla perl) for the scripts. Some output formats may have additional requirements; refer to the Lire User Manual for details.
- More information
You can peek at the databases created by lr_anonymize, using lr_anondump, e.g.:
$ lr_anondump dump.domain
For more information, read the lr_anonymize, lr_deanonymize, lr_anondump, and lr_xml2report manpages, or post a message to the public questions@logreport.org mailinglist.
- Fancy stuff: Processing emails containing raw report automatically
You can automate the processing of the raw reports the responder sends in reply to your anonymized logs. We give some hints on how to achieve this on a qmail system where mutt is installed as MUA. For systems running postfix or another MTA, a similar setup can work.
** From a maildir
If you want to store the raw emails in a maildir before processing:
$ maildirmake lire/var/spool/lire/anon/Maildir
$ echo './lire/var/spool/lire/anon/Maildir/' > .qmail-anon
Anonymize and send the log:
$ lr_anonymize $HOME/tmp/dump < \
/var/log/apache/mydomain.com/combined.log.0 | gzip -c > \
$HOME/tmp/apache.log.anon.gz && \
mutt -a $HOME/tmp/apache.log.anon.gz \
-s "anon `hostname` `date +\%Y\%m\%d`" \
-e 'my_hdr Reply-To: joeuser-anon@mydomain.com' \
log@common.logreport.org < /dev/null
Process the received anonymized report:
$ lr_rawmail2mail ~/tmp/dump postmaster@mydomain.com \
< ~/lire/var/spool/lire/anon/Maildir/new/980869687.22913.gelfand
** Fully automated
If you want to fully automate the processing, and run the script directly from a .qmail (or .forward) file:
Put something like
40 7 * * * lr_anonymize $HOME/tmp/dump < /var/log/apache/mydomain.com/combined.log.0 | gzip -c > $HOME/tmp/apache.log.anon.gz && mutt -a $HOME/tmp/apache.log.anon.gz -s "anon `hostname` `date +\%Y\%m\%d`" -e 'my_hdr Reply-To: joeuser-anon@mydomain.com' log@combined.logreport.org < /dev/null
in your crontab, and make sure mail to joeuser-anon@mydomain.com gets processed by the contents of ~joeuser/.qmail-anon. This file should read something like:
$ cat .qmail-anon
| $HOME/lire/bin/lr_run $HOME/lire/bin/lr_rawmail2mail $HOME/tmp/dump root
Beware: this setup assumes you'll always receive an answer from the responder before you send your next log.
Furthermore, be sure to configure the variable lr_logging_method to 'syslog' using the lire(1) tool. You might also want to configure the lr_keep, lr_debug and lr_logger_tag variables.
Refer to the Lire User Manual for more information on this and similar things.
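One way to enforce the "answer before the next log" assumption from the Beware note above, as an added example that is not part of Lire: a wrapper that refuses to send a new log until the previous reply has been processed. The LIRE_* variables, the marker file and the send/reply subcommands are assumptions of this example, and the lr_* commands are expected to be on PATH.

```shell
#!/bin/sh
# Added example, not part of Lire. LIRE_* names and the marker file are
# hypothetical; addresses and lr_* invocations are the ones used on this page.
umask 077                                   # files created here are owner-only
LIRE_DUMP=${LIRE_DUMP:-$HOME/tmp/dump}      # prefix of the dump.* databases
LIRE_PENDING=${LIRE_PENDING:-$LIRE_DUMP.pending}
LIRE_SEND=${LIRE_SEND:-lire_send}
LIRE_PROCESS=${LIRE_PROCESS:-lire_process}

# Anonymize LOGFILE ($1) and mail it to the responder.
lire_send() {
    lr_anonymize "$LIRE_DUMP" < "$1" | gzip -c > "$LIRE_DUMP.log.anon.gz" &&
    mutt -s "anon $(hostname) $(date +%Y%m%d)" \
         -e 'my_hdr Reply-To: joeuser-anon@mydomain.com' \
         -a "$LIRE_DUMP.log.anon.gz" -- log@common.logreport.org < /dev/null
}

# De-anonymize the raw reply on stdin and mail the report to root.
lire_process() { lr_rawmail2mail "$LIRE_DUMP" root; }

# send_log LOGFILE: returns 0 if sent, 2 if a reply is still outstanding,
# 1 if sending failed.
send_log() {
    # With noclobber (set -C) the redirection fails when the marker exists,
    # so test-and-create is one atomic step even if two jobs overlap.
    if ! ( set -C; date +%Y%m%d-%H%M%S > "$LIRE_PENDING" ) 2>/dev/null; then
        echo "reply pending since $(cat "$LIRE_PENDING"), skipping $1" >&2
        return 2
    fi
    if ! "$LIRE_SEND" "$1"; then
        rm -f "$LIRE_PENDING"               # nothing went out
        return 1
    fi
}

# process_reply: handle the reply on stdin, then allow the next send.
process_reply() {
    "$LIRE_PROCESS" || return 1
    rm -f "$LIRE_PENDING"
}

# cron: this-script send LOGFILE      .qmail-anon: | this-script reply
case "${1:-}" in
    send)  send_log "$2" ;;
    reply) process_reply ;;
esac
```

A marker that stays in place for longer than the responder normally takes to answer means a reply was lost; remove it by hand once you have checked.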
