tlog
Implement a GUI playback app/backend
Implement a (GNOME?) GUI playback app or a backend to tlog-play which would observe window sizes and terminal types through using a terminal widget such as VteTerminal, and resizing the window and/or font automatically, as recorded. Consider using XEmbed to embed an actual terminal and resizing it accordingly as a simpler approach.
Hi Nikolai, how are you? My name is Abdoul, I am a computer trainee. I took over the Scribery project, I used a server of each Linux distribution, and it works very well. Now I tried to redirect all the logs of the sessions "/var/log/tlog.log" to another server "ELK". I configured Elasticsearch, Logstash and Kibana, and on each target test server I installed filebeat. And it works, I receive all the logs, but they are encrypted, I can't do any reading in ELK nor the "tlog-play" command on the remote server. Also, I installed a cockpit on the ELK server that receives all the logs, no session is displayed. I am confused, please help me!
I am passionate
Hi Abdoulaye,
There's no support in Cockpit for playing recordings back from ElasticSearch. Only the command-line tlog-play tool can do that, IIRC. Cockpit only supports playing back recordings from Journal. I'm not sure what you mean by "encrypted". Perhaps you meant "encoded"?
Also, I've stopped working on this project a few years ago. It doesn't look like tlog is going to be developed much further, but @justin-stephenson took over its maintenance.
Hi Nikolai,
I can read the sessions thanks to a cockpit. It was dangerous to keep the session records on the server in production, so I redirected all logs via ELK.
How can I do the reading with tlog-play with ELK?
To be able to view sessions, the syntax is "tlog-play -i path" or "tlog-play -r journal -M TLOG_REC=<uid_user>"
Where are the logs retrieved from the target servers stored: in /var/log/logstash or /var/log/elasticsearch?
What is the right way to do it?
> How can I do the reading with tlog-play with ELK?
There's an example playing back a recording from ElasticSearch in README.md: https://github.com/Scribery/tlog/#playing-back-from-elasticsearch
> Where are the logs retrieved from the target servers stored: in /var/log/logstash or /var/log/elasticsearch?
If you're really sending data to ElasticSearch, then it's stored in the server database, not in a log file. See an overview of the setup in README.md: https://github.com/Scribery/tlog/#recording-sessions-to-elasticsearch
Thank you very much
You have used rsyslog. To be honest, I used logstash, I installed and configured filebeat on each target. Now if I want to do a read, do I have to edit /etc/logstash/conf.d/beats.conf?
I had written a pattern, input, filter and output.
What is the procedure please?
Sorry, @asow25, I have never used logstash so cannot help here. You'll have to dig into the docs and make it work yourself. Good luck!
Many thanks. Do you have a solution to make tlog work on a windows server?
I stop bothering you. I'm going to do more research, you really have me. In the end, I'll share with you what I find.
> Many thanks. Do you have a solution to make tlog work on a windows server? I stop bothering you. I'm going to do more research, you really have me. In the end, I'll share with you what I find.
Some users reported using tlog with WSL (Windows Subsystem for Linux) in https://github.com/Scribery/tlog/issues/262 but this is nothing officially tested. Other than that, nothing I'm aware of.
Hi everyone, it's me again, you suggested me to use rsyslog, then I installed Rsyslog, Elasticsearch and Kibana, no problem at all. Further, I get the logs on my GUI. Long story short, I cannot play the sessions from elasticsearch. I don't find any errors; I'm confused. Please, some help would be welcome. Is it correct that there are many log lines for a single session? Here's my stdout:
```
[root@srv ~]# curl -s 192.168.100.166:9200/tlog-rsyslog/_search | jq . | grep rec
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
"rec": "ada0acb659c24c318f17edc83334110c-ea9-580b72",
```
```
[root@srv ~]# journalctl -xel _EXE=/usr/bin/tlog-rec-session
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
déc. 21 11:30:20 srvprod-test.mycompany.ci -tlog-rec-session[3753]: {"ver":"2.3","host":"srvprod-test.mycompany.ci","rec":"ada0acb659c24c318f17edc83334110c-ea9-580b72","user":""
```
```
[root@srvp ~]# cat /etc/tlog/tlog-play.conf
{
    "reader": "es",
    "es" : {
        "baseurl": "http://192.168.100.166:9200/tlog-rsyslog/tlog/_search"
    },
}
```
```
[root@srvprod-test ~]# tlog-play -r es --es-baseurl=http://192.168.100.166:9200/tlog/tlog/_search --es-query=session:17 --es-verbose
*   Trying 192.168.100.166...
* TCP_NODELAY set
* Connected to 192.168.100.166 (192.168.100.166) port 9200 (#0)
> GET /tlog/tlog/_search?q=session%3A17&sort=id%3Aasc&size=10&from=0 HTTP/1.1
> Host: 192.168.100.166:9200
> Accept: */*
* The requested URL returned error: 404 Not Found
* Closing connection 0
HTTP response code said error
Failed reading the source at message #0
[root@srvprod-test ~]#
```
Thanks a lot, I found it, it works.
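Added example, not part of the original thread or of the tlog project's code: a recording is split across many JSON messages that share one `rec` value, which is why the search above returns the same `rec` on every hit. The sketch below groups messages by `rec` and flags missing or duplicated message numbers before playback is attempted. It assumes tlog's per-message `id` field counts up from 1 within a recording; the function name and the sample lines are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample lines (not from the thread). One carries a journal-style
# prefix, one is cut off mid-object like the journalctl output quoted above.
SAMPLE_LINES = [
    'Dec 21 11:30:20 host -tlog-rec-session[1]: {"ver":"2.3","rec":"rec-a","session":17,"id":1}',
    '{"ver":"2.3","rec":"rec-a","session":17,"id":2}',
    '{"ver":"2.3","rec":"rec-a","session":17,"id":3}',
    '{"ver":"2.3","rec":"rec-b","session":18,"id":1}',
    '{"ver":"2.3","rec":"rec-b","session":18,"id":2}',
    '{"ver":"2.3","rec":"rec-b","session":18,"id":4}',
    '{"ver":"2.3","rec":"rec-b","session":18,"id":4}',
    '{"ver":"2.3","host":"host","rec":"rec-b","user":""',
]

def check_recordings(lines):
    """Group tlog messages by recording; report ID gaps and duplicates."""
    ids_by_rec = defaultdict(list)
    rejected = 0
    for line in lines:
        # Journal and syslog lines put a prefix before the JSON payload.
        start = line.find("{")
        try:
            msg = json.loads(line[start:]) if start >= 0 else None
            rec, msg_id = msg["rec"], int(msg["id"])
        except (ValueError, KeyError, TypeError):
            rejected += 1  # truncated or non-tlog line
            continue
        ids_by_rec[rec].append(msg_id)
    report = {}
    for rec, ids in ids_by_rec.items():
        seen = set(ids)
        # Assumption: IDs run 1..N without holes in a complete recording.
        expected = set(range(1, max(seen) + 1))
        report[rec] = {
            "messages": len(ids),
            "missing": sorted(expected - seen),
            "duplicates": sorted(i for i in seen if ids.count(i) > 1),
        }
    return report, rejected

if __name__ == "__main__":
    result, bad = check_recordings(SAMPLE_LINES)
    for rec, info in result.items():
        print(rec, info)
    print("unparseable lines:", bad)
```

A recording with an empty `missing` list and no `duplicates` arrived whole at the central store; anything else points at loss or re-delivery in the log pipeline rather than at tlog-play.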