Streaming live views into mal4s - secure411dotorg/mal4s GitHub Wiki
Mal4s-Kiosk with line buffering
#### Streaming Example Using bash:
##### Create a named pipe:
```bash
mkfifo pipen2mal4s
```
##### Start mal4s tailing the named pipe:
```bash
tail -Ff pipen2mal4s | mal4s --load-config dissect.conf
```
##### Periodically send data to the named pipe:
Open a new terminal window and run:
```bash
head test.mal4s >> pipen2mal4s
```
You should see the mal4s window and ten items form.
mal4s will continue waiting for more input.
###### Add ten more items to the test display:
```bash
head -n20 test.mal4s | tail >> pipen2mal4s
```
###### Delete the first ten items:
```bash
head -n10 test.mal4s | tail | sed 's/|A|/|D|/g' >> pipen2mal4s
```
###### Modify the color of selected items:
```bash
head -n10 test.mal4s | tail -n5 | sed 's/|A|/|M|/g' | cut -d"|" -f1-4 | sed 's/$/\|990000/' >> pipen2mal4s
```
#### Displaying remote logs locally
On your local GUI machine (such as a MacBook that has mal4s installed), start a netcat listener in a terminal window:
```bash
nc -klvv 20000 > pipen2mal4s
```
You must set up port forwarding to bring Internet traffic arriving on port 20000 to your local machine.
On the remote machine(s) that produce mal4s-formatted data from logs:
```bash
cat test.mal4s | nc 1.2.3.4 20000
```
where 1.2.3.4 is the public IP of the router your GUI machine running mal4s sits behind.
The above is a simple demo of how a mal4s-based kiosk can display streaming data from many remote locations in one GUI.
The netcat listener accepts connections from any host that can reach the forwarded port, so socat is recommended in place of netcat, and the ACL restrictions available with socat are recommended to prevent unauthorized connections.
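As an added example (not part of the original wiki or the mal4s project), the script below replaces the open netcat listener with a socat listener restricted by source range, and filters incoming lines before they reach the named pipe. The sender range, length cap, function names and the position of the action flag (third field) are assumptions.

```shell
#!/bin/sh
# Added example, not mal4s project code.
# Assumptions: the action flag is the third |-separated field (Gource-style
# custom log layout); ALLOWED_RANGE, MAX_LEN and the function names are
# placeholders chosen for this example.

ALLOWED_RANGE="198.51.100.0/24"   # constructed: network of the remote senders
PORT=20000                        # port used in the netcat demo
MAX_LEN=1024                      # assumed upper bound for one record

# Read records on stdin; print only those that look like mal4s input.
# Runs in a subshell so LC_ALL=C stays local; output is written per line.
mal4s_filter() (
  LC_ALL=C
  export LC_ALL
  while IFS= read -r line; do
    # Drop oversized lines.
    [ "${#line}" -le "$MAX_LEN" ] || continue
    # Drop lines with control or non-ASCII bytes (e.g. terminal escapes).
    case $line in *[![:print:]]*) continue ;; esac
    # Require at least four fields.
    case $line in *'|'*'|'*'|'*) ;; *) continue ;; esac
    # Isolate field 3 and require Add, Modify or Delete.
    rest=${line#*'|'}
    rest=${rest#*'|'}
    case ${rest%%'|'*} in A|M|D) ;; *) continue ;; esac
    printf '%s\n' "$line"
  done
)

# Accept connections only from ALLOWED_RANGE, filter, then feed the pipe.
start_listener() {
  socat -u "TCP4-LISTEN:${PORT},reuseaddr,fork,range=${ALLOWED_RANGE}" STDOUT |
    mal4s_filter >> pipen2mal4s
}

# Usage: run start_listener in place of `nc -klvv 20000 > pipen2mal4s`.
```

The source-range check only limits who can connect; the stream itself is still unauthenticated plaintext, so the filter remains the last check before data reaches the display.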
#### Adding, Modifying and Deleting Displayed Items
The mal4s input format has a column that indicates whether the line is to be Added, Modified, or Deleted.
Typically your lines are going to include `|A|` for Add.
If you want to change the color or other data for that item in a subsequent line, use `|M|` for Modify instead of `|A|`.
To make items disappear from the display, repeat the same line you originally Added, substituting `|D|` in place of `|A|`.