$Id: README.lire-client,v 1.24 2004/09/02 07:37:35 vanbaal Exp $

README file for using Lire as a client

  • Introduction

lire-client allows you to anonymize your logfiles and to interpret the responses you get when you send these anonymized logfiles to a LogReport online responder, like the one running on log@<servicename>.

  • Quickstart

version is e.g. 20001228

$ wget
$ gunzip lire-version.tar.gz
$ tar -xf lire-version.tar
$ cd lire-version
$ ./configure --prefix=$HOME/lire

Don't get scared by the output this gives.

$ make && make install

To anonymize, send and process a log, and to receive and de-anonymize the generated report, do this:

$ cd lire/bin
$ PATH=$PATH:`pwd`

Anonymize the log:

$ lr_anonymize dump < /path/to/your/logfile > log.anon

(Databases dump.inaddr, dump.maildomain, dump.ip, and dump.domain will get created, see the lr_anonymize manpage.)

Send the anonymized log:

$ gzip log.anon
$ mutt -a log.anon.gz -s "anon somehost bla bla" \
    log@<service> < /dev/null

$ mail -s "anon `hostname` `date +%Y%m%d`" log@<service> \
    < log.anon


where log@<service> is the address of the appropriate online responder. <service> can be any of the ones listed on the Online Responder webpage on .

The first four characters of the subject of the message should be "anon".

Wait for a reply by email, and save the message body in anon.xml.

De-anonymize and format the report:

$ lr_deanonymize dump < anon.xml > report.xml

(This command reads the dump.* databases, see the lr_deanonymize manpage.)

Typeset report.xml using lr_xml2report.

(Some hints on how to automate this are at the bottom of this document.)
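A check worth running between the "Anonymize the log" and "Send the anonymized log" steps above, as an added example that is not part of Lire: it lists any IPv4 address from the original log that still appears in log.anon. The function name leaked_ips, the sample log lines and the replacement values are all constructed for illustration; real lr_anonymize output may look different.

```shell
#!/bin/sh
# Added example, not part of Lire: pre-send leak check for lr_anonymize output.
# leaked_ips ORIGINAL_LOG ANONYMIZED_LOG
#   prints each IPv4 address found in ORIGINAL_LOG that still occurs in
#   ANONYMIZED_LOG. Returns 0 = none found, 1 = leak, 2 = unreadable input.
# Limits: IPv4 only; a replacement value that happens to equal a real
# address from the same log is reported as a leak (review those by hand).
leaked_ips() {
    orig=$1
    anon=$2
    if [ ! -r "$orig" ] || [ ! -r "$anon" ]; then
        echo "leaked_ips: cannot read input files" >&2
        return 2
    fi
    ip_re='[0-9]{1,3}(\.[0-9]{1,3}){3}'
    seen=$(mktemp) || return 2
    # Every distinct address in the original log, one per line.
    grep -Eo "$ip_re" "$orig" | sort -u > "$seen"
    leaks=""
    if [ -s "$seen" ]; then
        # Addresses in the anonymized file that exactly match an original one.
        leaks=$(grep -Eo "$ip_re" "$anon" | sort -u | grep -Fx -f "$seen") || true
    fi
    rm -f "$seen"
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Constructed sample data (log lines and replacement values are made up;
# real lr_anonymize output may look different).
demo=$(mktemp -d)
cat > "$demo/access.log" <<'EOF'
192.0.2.10 - - [02/Sep/2004:07:37:35 +0200] "GET / HTTP/1.0" 200 512
198.51.100.7 - - [02/Sep/2004:07:38:01 +0200] "GET /a HTTP/1.0" 404 0
EOF
sed -e 's/192\.0\.2\.10/10.0.0.1/' -e 's/198\.51\.100\.7/10.0.0.2/' \
    "$demo/access.log" > "$demo/good.anon"
sed -e 's/192\.0\.2\.10/10.0.0.1/' "$demo/access.log" > "$demo/bad.anon"

leaked_ips "$demo/access.log" "$demo/good.anon" && echo "good.anon: clean"
leaked_ips "$demo/access.log" "$demo/bad.anon" || echo "bad.anon: do not send"
rm -rf "$demo"
```

Run it on the uncompressed log.anon, before the gzip step, and only send when the exit status is 0.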

  • Requirements

You need a recent perl (5.6.1 or higher, with the module, as shipped with vanilla perl) for the scripts. Some output formats may have additional requirements; refer to the Lire User Manual for details.

  • More information

You can peek at the databases created by lr_anonymize, using lr_anondump, e.g.:

$ lr_anondump dump.domain

For more information, read the lr_anonymize, lr_deanonymize, lr_anondump, and lr_xml2report manpages, or post a message to the public mailing list.

  • Fancy stuff: Processing emails containing raw report automatically

You can process the raw reports you get in reply to your anonymized log to the responder in an automated way. We give some hints on how to achieve this on a qmail system, where mutt is installed as MUA. For systems running postfix or another MTA, a similar setup can work.

** From a maildir

If you want to store the raw emails in a maildir before processing:

$ maildirmake lire/var/spool/lire/anon/Maildir
$ echo './lire/var/spool/lire/anon/Maildir/' > .qmail-anon

Anonymize and send the log:

$ lr_anonymize $HOME/tmp/dump < \
    /var/log/apache/ | gzip -c > \
    $HOME/tmp/apache.log.anon.gz && \
    mutt -a $HOME/tmp/apache.log.anon.gz \
    -s "anon `hostname` `date +\%Y\%m\%d`" \
    -e 'my_hdr Reply-To:' \
    < /dev/null

Process the received anonymized report:

$ lr_rawmail2mail ~/tmp/dump \
    < ~/lire/var/spool/lire/anon/Maildir/new/980869687.22913.gelfand \

** Fully automated

If you want to fully automate the processing, and run the script directly from a .qmail (or .forward) file:

Put something like

40 7 * * * lr_anonymize $HOME/tmp/dump < \
    /var/log/apache/ | gzip -c > \
    $HOME/tmp/apache.log.anon.gz && mutt \
    -a $HOME/tmp/apache.log.anon.gz -s "anon `hostname` `date +\%Y\%m\%d`" \
    -e 'my_hdr Reply-To:' \
    < /dev/null

in your crontab, and make sure mail to gets processed by the contents of ~joeuser/.qmail-anon. This file should read something like:

$ cat .qmail-anon
| $HOME/lire/bin/lr_run $HOME/lire/bin/lr_rawmail2mail $HOME/tmp/dump root

Beware: this setup assumes you'll always receive an answer from the responder before you send your next log.

Furthermore, be sure to configure the variable lr_logging_method to 'syslog' using the lire(1) tool. You might also want to configure the lr_keep, lr_debug and lr_logger_tag variables.

Refer to the Lire User Manual for more information on this and similar things.
