From 23fce3894e6a8546ece0710ad090e5699f6ad1cd Mon Sep 17 00:00:00 2001 From: mivirl <> Date: Thu, 25 Jan 2024 13:16:41 -0600 Subject: [PATCH] Update README; add section on monitoring output --- README.md | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6d3544d..c89a8a0 100644 --- a/README.md +++ b/README.md @@ -1,26 +1,30 @@ # Minimum Viable Remote Logging -This project is an attempt to make a logging solution for simple use cases. The -simplicity is primarily from the maintainer's standpoint, rather than using -the most efficient code. +This project is an attempt to make a logging solution for simple use cases. This script can do the following: - Retrieve basic information - Monitor processes +- Tail command output - Copy files - Tail logs The primary reason for creating this is to monitor a machine for activity from -naive malware or attackers, although it is likely better suited for cases -without active interference. +naive malware or attackers, although it is better suited for cases without +active interference. All needed binaries are static so dependencies don't need to be installed on the remote system. +### Server vs. client + +The **server** is the central collection point where logs and files are sent. +The **client** is run on the machine that's monitored. It connects to the server +to transfer logs and files. ## Building -Use the included build script to retrieve and build direct dependencies: +Use the included build script to retrieve and build dependencies: ```sh ./build.sh @@ -32,7 +36,7 @@ Then edit `build/_output/client/client.pl` and change `$server_ip` and ## Deploying ### Server -To deploy on the server, you'll need to do transfer the `build/_output/server` +To deploy on the server, you'll need to transfer the `build/_output/server` directory to the remote system, then `cd` to that directory and run: ```sh 
@@ -41,9 +45,27 @@ directory to the remote system, then `cd` to that directory and run: ### Client -To deploy on the client, you'll need to do transfer the `build/_output/client` +To deploy on the client, you'll need to transfer the `build/_output/client` directory to the remote system, then `cd` to that directory and run: ```sh ./smallperl.bin client.pl ``` + +## Monitoring + +Once the server is running and a client has connected, files will appear on the +server in `srv/clients/` with the following naming scheme: +- `auth-key` - Key used to authenticate clients and store files in the correct + directories +- `info.txt` - Contains basic information about the system +- `F__filepath` - Files that are transferred once +- `L__logpath.log` - Log files that are continuously transferred, new lines are + transferred as they are written on the client side +- `C__commandname.cmdlog` - Command output, continuously transferred + +Logs can be monitored as they come in using `lnav`: + +```sh +./lnav -r srv/clients +``` -- 2.39.5
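Review bot: in the first hunk, the new `### Server vs. client` heading is a level-3 heading with no enclosing level-2 section (it sits between the intro list and `## Building`), so it renders as a subsection of nothing; change it to `## Server vs. client` to match `## Building` and `## Deploying`, and confirm that a blank line separates the closing sentence `to transfer logs and files.` from `## Building`, since the context line that follows it is the heading itself. A smaller point: the added `- Tail command output` bullet is inserted between `- Monitor processes` and `- Copy files` while `- Tail logs` stays last; listing the two tailing features next to each other would read better.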
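Review bot: in the third hunk, the `auth-key` entry documents only what the key does, not where it comes from or how it must be handled; since this key is what lets a client authenticate and write into `srv/clients/`, add a sentence on how it is generated, where the client keeps its copy, and that the file on the server should be readable only by the user running the server. Two related gaps: say what `srv/clients/` is relative to (presumably the `build/_output/server` directory the server is launched from, as described under `## Deploying`), and say whether `./lnav` is one of the static binaries that `build.sh` produces, otherwise readers will look for a system-installed lnav. Finally, insert a blank line between `naming scheme:` and the `- \`auth-key\`` bullet, as some Markdown renderers will not start a list without one.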