cajun has asked for the wisdom of the Perl Monks concerning the following question:

I'm learning Perl and have written a script that parses the /var/log/messages file. The script works fine if run by root; however, I may eventually like to turn this into a CGI script.

Here are the perms on /var/log/messages: -rw------- 1 root root 5141 Sep 11 15:17 /var/log/messages

So, the question is, how can Joe user run this script to parse /var/log/messages (given the perms on messages are not to be changed)?

Thanks!

Replies are listed 'Best First'.
Re: Parsing log files
by eLore (Hermit) on Sep 12, 2000 at 02:35 UTC
    First, are you sure that you want JoeUser to access /var/log/messages? That log can contain sensitive data.

    Assuming you do want to show the world your logs, what about having another process (run by root) copy the log to a safe location every few minutes, and chmod it? (inherent in that response is that I wouldn't want any CGI scripts accessing outside of a /pub_html directory, or some such)

      Good advice. I would re-iterate that you probably really don't want to do this, but if you're going to anyway, you're looking at either doing what was suggested above, or doing an suid thing (bad plan). So, you're basically left with what was said above, in which case I would add that you may want to just grep out the relevant info from the logfile rather than copy the entire thing. Make sure that you have proper rules to grab _only_ the info you would want Mr. Evil Hacker to see. Even if this is on an intranet, I don't know about you, but I don't trust my users any more than absolutely necessary, soooo...
(jeffa) Re: Parsing log files
by jeffa (Bishop) on Sep 12, 2000 at 20:20 UTC
    Yes, remember - it's good to block attacks from the outside, but only if your own users won't attack you from the inside. Keep root stuff to root, trust no-one!

    Jeff

Re: Parsing log files
by cajun (Chaplain) on Sep 15, 2000 at 11:56 UTC

    Thanks guys for the information. All good information!

    I guess what I didn't say was that I am Joe User in this case. What I am trying to accomplish is parsing the logs to see various things in a browser. For instance, REJECT messages from my firewall. Yes, the entire network is behind a firewall. The only users here are myself, my wife (she's blonde....), and the dogs. So from an internal perspective, I have little to worry about. From the outside, the www server is only accessible from a couple of addresses and then it is passworded.

    So given the above, do you guys still think I'm at risk? Now I liked BastardOperator's answer about grepping out the information I wanted. However, if I'm doing multiple things, then either I have to have multiple files or multiple grep args for the same file. Seems like at that point, then I've partially defeated the purpose of grepping the log file to start with.

    Thanks
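
An added example, not posted by anyone in this thread: one way to combine the two suggestions above (a root-run job that publishes only the grepped-out lines) while handling several views in a single pass over the log instead of one grep per view. The rule table, the `pppd` rule, the output directory in the usage comment and the sample log lines are assumptions or constructed for illustration.

```perl
#!/usr/bin/perl
# Added example. Cron (root): logview.pl /var/log/messages /var/local/logview
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

# Assumed rule table (names and patterns are illustrative, not from the thread).
my %rules = (
    reject => qr/\bREJECT\b/,        # firewall rejects, the view the poster asks for
    pppd   => qr/\bpppd\[\d+\]:/,    # hypothetical second view
);

# One pass: each line is tested against every rule; unmatched lines are dropped.
sub filter_lines {
    my ($fh, $rules) = @_;
    my %bucket = map { $_ => [] } keys %$rules;
    while (my $line = <$fh>) {
        for my $name (keys %$rules) {
            push @{ $bucket{$name} }, $line if $line =~ $rules->{$name};
        }
    }
    return \%bucket;
}

# Write a temp file in the target directory, then rename, so readers never see a partial file.
sub publish {
    my ($dir, $name, $lines) = @_;
    my ($fh, $tmp) = tempfile("$name.XXXXXX", DIR => $dir);
    print {$fh} @$lines;
    close $fh or die "close $tmp: $!";
    chmod 0644, $tmp or die "chmod $tmp: $!";
    rename $tmp, "$dir/$name.log" or die "rename $tmp: $!";
    return scalar @$lines;
}

# With no arguments, run on the constructed sample lines under __DATA__.
my ($log, $out_dir) = @ARGV;
my $in;
if (defined $log) { open $in, '<', $log or die "open $log: $!" }
else              { $in = \*DATA }
$out_dir = tempdir(CLEANUP => 1) unless defined $out_dir;

my $bucket = filter_lines($in, \%rules);
printf "%s.log: %d lines\n", $_, publish($out_dir, $_, $bucket->{$_}) for sort keys %$bucket;
__DATA__
Sep 11 15:02:11 gw kernel: Packet log: input REJECT eth0 PROTO=6 192.0.2.7:1042 10.0.0.1:23
Sep 11 15:03:40 gw pppd[412]: local  IP address 198.51.100.9
Sep 11 15:04:02 gw login: ROOT LOGIN ON tty1
```

The CGI then reads only the `*.log` files in the output directory and needs no access to /var/log/messages. It should still HTML-escape each line before display, since log text can contain strings chosen by a remote host.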