
BSDCan 2011
The Technical BSD Conference

Dan Ferris
Day Talks - 1 - 2011-05-13
Room DMS 1140
Start time 16:30
Duration 01:00
ID 229
Event type Lecture
Track System Administration
Language used for presentation English

Rapid Report generation for the System Administrator

Using HTSQL, Snort, and FreeBSD

Using the Snort IDS as an example, we will show you how to use HTSQL to radically simplify your reporting infrastructure and ultimately make your work easier.

HTSQL - A URI to SQL translation language.
Snort - The IDS that can log to a database backend.
FreeBSD - The OS that runs it all.

Every systems administrator has tools such as syslog receivers, SNMP pollers, or IDS systems that gather data about the systems we manage and add that data to an SQL database. Reporting on this data in a meaningful way is highly complex and time consuming, and it often ends up with many discrete reporting tools spread across dozens of systems. I will show you how to use HTSQL to make generating your reports quick and easy, and to make the reports look good.

HTSQL is a URI-based, graph-oriented query language designed for people who need to generate reports quickly with a minimum of programming. It provides a web access gateway to an SQL database and an extensible front end for data processing.

HTSQL makes sharing reports and queries extremely simple: the URL for a report can simply be emailed, put in a document, or pasted into an IM. Output can be formatted as HTML, XML, CSV, or JSON, so it can be read easily by either a script or a human.

HTSQL can also be combined with HTRAF, a JavaScript library that allows rapid development of dashboards and other HTSQL applications. A web developer can use HTRAF to embed HTSQL queries directly in their pages, which creates an environment for rapid application development (RAD) of HTSQL applications. In short, no server-side code needs to be written to create reports or dashboards with HTSQL.

Snort is the most popular open source Intrusion Detection System. It is a good example of a tool whose database schema is just complicated enough that writing reports against it is complicated and time consuming.
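As an added illustration (not HTSQL's own code, nor anything from the talk), here is a minimal translator from HTSQL-style URIs of the form `/table{col,col}?col=value` to SQL, run over a constructed, cut-down subset of the Snort `event` and `signature` tables. It shows the URI-to-SQL gateway idea described above together with the check any such gateway needs: since the query arrives as a URL, table and column names are accepted only if they exist in a known schema, and filter values are bound as parameters rather than spliced into the SQL text. The schema subset, the sample rows and the accepted query shape are assumptions of this example.

```python
import re
import sqlite3

# Constructed, cut-down stand-ins for two tables of the Snort database schema.
SCHEMA = {
    "event": ("sid", "cid", "signature", "timestamp"),
    "signature": ("sig_id", "sig_name", "sig_priority"),
}
SAMPLE_ROWS = {  # constructed sample alerts, not real IDS output
    "event": [(1, 1, 10, "2011-05-13 16:30:00"), (1, 2, 10, "2011-05-13 16:31:00"),
              (1, 3, 11, "2011-05-13 16:32:00")],
    "signature": [(10, "ICMP PING", 3), (11, "WEB-MISC robots.txt access", 2)],
}
# Accepted shape (a small subset of HTSQL syntax): /table{col,col}?col=value, also < and >
_URI = re.compile(r"^/(\w+)\{([\w,\s]+)\}(?:\?(\w+)(=|<|>)(\w+))?$")

def translate(uri):
    """Turn a restricted URI query into (sql, params) for sqlite3.execute()."""
    m = _URI.match(uri)
    if not m:
        raise ValueError("unsupported query: %r" % uri)
    table, cols, fcol, op, value = m.groups()
    # Table and column names are only ever taken from SCHEMA, never from the URL text.
    if table not in SCHEMA:
        raise ValueError("unknown table: %r" % table)
    cols = [c.strip() for c in cols.split(",")]
    for c in cols + ([fcol] if fcol else []):
        if c not in SCHEMA[table]:
            raise ValueError("unknown column: %r" % c)
    sql = "SELECT %s FROM %s" % (", ".join(cols), table)
    params = ()
    if fcol:
        # The filter value is bound as a parameter instead of being spliced into the SQL.
        sql += " WHERE %s %s ?" % (fcol, op)
        params = (int(value) if value.isdigit() else value,)
    return sql, params

def demo_db():
    """In-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    for table, cols in SCHEMA.items():
        conn.execute("CREATE TABLE %s (%s)" % (table, ", ".join(cols)))
        marks = ", ".join("?" * len(cols))
        conn.executemany("INSERT INTO %s VALUES (%s)" % (table, marks), SAMPLE_ROWS[table])
    return conn

def report(uri, conn=None):
    """Run a URI query against the demo database and return the rows."""
    sql, params = translate(uri)
    return (conn or demo_db()).execute(sql, params).fetchall()
```

`report("/event{cid,signature}?signature=10")` returns the two sample events for signature 10, while a URI naming a table outside the schema or carrying extra SQL after the value is rejected before any query is built.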

HTSQL can front more than one database. This means you can combine Snort data with data from other tools such as syslog, SNMP, or a custom in-house application; HTSQL makes it a snap to correlate data between applications.

To sum it all up: "Write someone a query, they'll go away for a day. Teach someone to query, they'll just go away."