Octopussy-Project / Octopussy

Octopussy - Open Source Log Management Solution
https://octopussy.pm
GNU General Public License v3.0

Reports #512

Closed sebthebert closed 10 years ago

sebthebert commented 10 years ago

need help creating reports

sebthebert commented 10 years ago

Date: 2010-12-09 01:37:44 Author: sebthebert

Please, can you be more specific about your request?

Do you have error messages?

What kind of help do you want?

sebthebert commented 10 years ago

Date: 2010-12-09 16:59:32 Author: eptii

Just need to clarify how to create reports. Like how to create a report to show failed logins per user, per source address, etc. We have a few test reports that send a .json file but not sure how to open them, etc.

sebthebert commented 10 years ago

Date: 2013-02-05 10:48:23.779000 Author: ezhox

I'm digging up an old post because I'm also wondering the same things. Could you explain briefly how reports work? Does it use the databases or the zip logs? Because in the octopussy database I just have the "alerts" table. I don't know if it's normal. When I try to create a report I get an error message "report file does not exist" or an empty file with ".err" extension.

If I manage to make reports work well I'll install it in my company and will start to write complementary documentation based on this post http://sourceforge.net/p/syslog-analyzer/feature-requests/81/ first in French (my native language) and afterwards in English. Thanks for all your great work.

sebthebert commented 10 years ago

Date: 2013-02-14 22:41:29.305000 Author: sebthebert

Hi Ben,

The database is only used for storing Alerts history and TEMPORARILY during Report Generation.

When you launch a Report, octo_reporter:

  1. extracts log fields from the zip logs
  2. inserts them in the Octopussy Database in a table named 'tablename_pid'
  3. launches the SQL query defined in the Report
  4. extracts the result of the query
  5. removes the temporary table created

You can try to launch the report on the command line to figure out what's wrong.

sudo -u octopussy /usr/sbin/octo_reporter 

octo_reporter (version 1.0.6)

 Usage: octo_reporter --report <report> --device <device> --service <service> 
          --loglevel <loglevel> --taxonomy <taxonomy>
          --begin YYYYMMDDHHMM --end YYYYMMDDHHMM
          [ --pid_param <string> ] --output <output_file>
 Mail options:
   --mail_subject <subject> --mail_recipients <recipients>
 Ftp options:
   --ftp_host <host> --ftp_dir <dir>
   --ftp_user <user> --ftp_password <password>
 Scp options:
   --scp_host <host> --scp_dir <dir> --scp_user <user>

 Report list: Bind Top 50 Clients, Bind Top 50 Queries, RRD_Stack_nb_events, Test, test

It would be nice if you could write good documentation!

And I'm French too! :)
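The five report steps listed in the comment above, sketched as an added example (not Octopussy's code and not part of the original thread), applied to the "failed logins per user, per source address" report asked about earlier. Assumptions: SQLite stands in for the Octopussy database, the sshd log lines are constructed, and the regex and the `failed_login` table name are hypothetical.

```python
import gzip, io, os, re, sqlite3

# Constructed sample lines (not real Octopussy data), gzip-compressed in memory
# to stand in for the compressed log files the comment calls "zip logs".
SAMPLE = b"""\
Feb 14 22:01:10 host1 sshd[811]: Failed password for root from 203.0.113.5 port 4242 ssh2
Feb 14 22:01:12 host1 sshd[811]: Failed password for root from 203.0.113.5 port 4243 ssh2
Feb 14 22:02:40 host1 sshd[902]: Failed password for alice from 198.51.100.7 port 5151 ssh2
Feb 14 22:03:05 host1 sshd[915]: Accepted password for alice from 198.51.100.7 port 5152 ssh2
"""
ARCHIVE = gzip.compress(SAMPLE)

# Hypothetical field pattern; a real Octopussy service defines its own messages.
FAILED = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+) port")

def run_report(archive: bytes, pid: int = os.getpid()):
    table = f"failed_login_{int(pid)}"   # 'tablename_pid' naming from the comment
    db = sqlite3.connect(":memory:")     # SQLite stands in for the Octopussy database
    try:
        # 1. extract fields from the compressed logs
        with gzip.open(io.BytesIO(archive), "rt") as fh:
            rows = [m.group("user", "src") for m in map(FAILED.search, fh) if m]
        # 2. insert them into the temporary per-run table
        db.execute(f'CREATE TABLE "{table}" (user TEXT, src TEXT)')
        db.executemany(f'INSERT INTO "{table}" VALUES (?, ?)', rows)
        # 3. run the report's SQL query, 4. fetch its result
        result = db.execute(
            f'SELECT user, src, COUNT(*) AS n FROM "{table}" '
            "GROUP BY user, src ORDER BY n DESC, user"
        ).fetchall()
        # 5. drop the temporary table, then confirm nothing is left behind
        db.execute(f'DROP TABLE "{table}"')
        leftover = db.execute(
            "SELECT COUNT(*) FROM sqlite_master WHERE name = ?", (table,)
        ).fetchone()[0]
        return result, leftover
    finally:
        db.close()

if __name__ == "__main__":
    for user, src, n in run_report(ARCHIVE)[0]:
        print(f"{n:3d} failed logins  user={user}  src={src}")
```

An empty result here means step 1 matched no lines, which is worth ruling out first when a report comes back empty.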

sebthebert commented 10 years ago

Date: 2013-05-30 23:55:17.923000 Author: sebthebert

sebthebert commented 10 years ago

Date: 2013-05-30 23:55:18.303000 Author: sebthebert

I'm closing this ticket.