{"id":13509879,"url":"https://github.com/prateeknischal/webtail","last_synced_at":"2025-08-30T15:05:26.025Z","repository":{"id":57483969,"uuid":"129437244","full_name":"prateeknischal/webtail","owner":"prateeknischal","description":"A web-server based remote tailing tool writing in golang","archived":false,"fork":false,"pushed_at":"2018-12-04T17:15:47.000Z","size":924,"stargazers_count":84,"open_issues_count":2,"forks_count":104,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-30T15:04:21.413Z","etag":null,"topics":["authentication","cgo","golang","logviewer","pam","pam-authentication","websocket","webtail"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prateeknischal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-13T18:03:50.000Z","updated_at":"2025-08-18T02:04:10.000Z","dependencies_parsed_at":"2022-08-26T12:23:53.511Z","dependency_job_id":null,"html_url":"https://github.com/prateeknischal/webtail","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/prateeknischal/webtail","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prateeknischal%2Fwebtail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prateeknischal%2Fwebtail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prateeknischal%2Fwebtail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prateeknischal%2Fwebtail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/prateeknischal","download_url":"https://codeload.github.com/prateeknischal/webtail/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prateeknischal%2Fwebtail/sbom","scorecard":{"id":743963,"data":{"date":"2025-08-11","repo":{"name":"github.com/prateeknischal/webtail","commit":"f080756c9d6cbcf47b87e9303149a413a042a5df"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 1/16 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T18:13:58.475Z","repository_id":57483969,"created_at":"2025-08-22T18:13:58.476Z","updated_at":"2025-08-22T18:13:58.476Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272864641,"owners_count":25006040,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cgo","golang","logviewer","pam","pam-authentication","websocket","webtail"],"created_at":"2024-08-01T02:01:15.791Z","updated_at":"2025-08-30T15:05:25.997Z","avatar_url":"https://github.com/prateeknischal.png","language":"Go","funding_links":[],"categories":["Go","websocket"],"sub_categories":[],"readme":"# Webtail\n\n[![](https://goreportcard.com/badge/github.com/prateeknischal/webtail)](https://goreportcard.com/report/github.com/prateeknischal/webtail)\n\n### Yet another browser based remote log viewer written in Golang\n\nWebtail is a web-socket based server that streams log files onto your browser. Written in [Golang](https://golang.org), this application provides a basic and clean material UI to view the logs as well.\n\n### Usage\n\n```\n$ go run main.go --help\nusage: main [\u003cflags\u003e] [\u003cdir\u003e...]\n\nFlags:\n      --help               Show context-sensitive help (also try --help-long and --help-man).\n  -p, --port=8080          Port number to host the server\n  -r, --restrict           Enforce PAM authentication (single level)\n  -a, --acl=ACL            enable Access Control List with users in the provided file\n  -t, --cron=\"0h\"          configure cron for re-indexing files, Supported durations:[h -\u003e hours, d -\u003e days]\n  -s, --secure             Run Server with TLS\n  -c, --cert=\"server.crt\"  Server Certificate\n  -k, --key=\"server.key\"   Server Key File\n\nArgs:\n  [\u003cdir\u003e]  Directory path(s) to look for files\n\n\n```\n\nTo view the UI, navigate to *http(s)://server_ip:port* and you will be presented with a UI to view the logs.\n\n#### Examples\n```\n./webtail\n```\nThis will run the server on port `8080` and look for files in the current Directory\n```\n./webtail --port 15000 /var/log/tomcat /tmp/\n```\nThis will run the server on port 15000 and recursively look for files in `/var/log/tomcat` and `/tmp` directories (provided the permissions)\n\n```\n./webtail /var/log/tomcat /tmp/ --restrict\n```\nThis will add an authentication layer over it. Once you navigate to the home page, it will redirect to the `/login` page and ask for username and password. Since this is supposed to be as generic as possible, hence it uses PAM authentication to authenticate the user. You need to provide the credentials that you would use to login to the host on which the server is hosted. Right now it would only authenticate via PAM if only a single step is required.\n\nFor this it uses [CGO](https://github.com/golang/go/wiki/cgo). A basic starting point for this would be [Calling Go functions from C](https://medium.com/using-go-in-mobile-apps/using-go-in-mobile-apps-part-1-calling-go-functions-from-c-be1ecf7dfbc6). This also has information on how to call C funtions from Golang, which is what is being used in this module. It is performing PAM authentication using the `passwd` service in [pam_auth.go](https://github.com/prateeknischal/webtail/blob/master/util/pam_auth.go).\n\nThis contains the code to interact with the system's PAM and check if a username/password combination is valid or not.\n\nSome information about pam authentication : [RedHat - PAM Configuration files](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files)\n\n\n```\n./webtail /var/log/tomcat --restrict --acl ~/allowed-users.txt\n```\nThis will have the authentication layer with another layer of ACL, allowing only those users to authenticate with the server which are in the `~/allowed-users.txt`. It accepts a file that has newline separated usernames.\n\n\n```\n./webtail /var/log/tomcat --restrict --cron 5h\n```\nThis will make the server re-index files every 5 hours. And the **New** files will be served only after a page refresh, once it has been indexed.\n\n\n### Build From Source\n\nTo build from source, please refer the Makefile, all you need to do is change the `GOOS` and `GOARCH` variables to your specific distributions. The Makefile has it configured for `linux/amd64` by default.\n\n```\nmake clean package\n```\nIf you are testing it then:\n```\nmake clean build\n```\nand then you can run it from the project root\n\n**Note**    \n* If you get the following error:\n```\nsecurity/pam_appl.h: No such file or directory\n```\nThen you need to install PAM developement libraries.    \n*CentOS* : `yum install pam-devel`    \n*Debian* : `sudo apt-get install -y libpam0g-dev`   \nReference: [pam_appl.h and pam_misc.h missing](https://stackoverflow.com/questions/15614823/pam-appl-h-and-pam-misc-h-missing-in-rshd-c-source-code)\n\n\n* If you get the following error, then try building this in a linux box.\n(I saw some SO or Github post on this suggesting a fork of golang)\n```\n/usr/local/go/pkg/tool/darwin_amd64/link: running clang failed: exit status 1\nld: warning: ignoring file /var/folders/30/qpxs8kwj3jzc612r2gsq17zwc2yvq5/T/go-link-136319902/go.o, file was built for unsupported file format ( 0x7F 0x45 0x4C 0x46 0x02 0x01 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ) which is not the architecture being linked (x86_64): /var/folders/30/qpxs8kwj3jzc612r2gsq17zwc2yvq5/T/go-link-136319902/go.o\nUndefined symbols for architecture x86_64:\n  \"__cgo_topofstack\", referenced from:\n      __cgo_fc9493e99cab_Cfunc_authenticate_system in 000001.o\n      __cgo_f7895c2c5a3a_C2func_getnameinfo in 000004.o\n      __cgo_f7895c2c5a3a_Cfunc_getnameinfo in 000004.o\n      __cgo_f7895c2c5a3a_C2func_getaddrinfo in 000006.o\n      __cgo_f7895c2c5a3a_Cfunc_gai_strerror in 000006.o\n      __cgo_f7895c2c5a3a_Cfunc_getaddrinfo in 000006.o\n  \"_main\", referenced from:\n     implicit entry/start for main executable\nld: symbol(s) not found for architecture x86_64\nclang: error: linker command failed with exit code 1 (use -v to see invocation)\n```\n\n* It uses the `LDFLAG -lpam` to build the C code, so if you get errors related to this, worth looking for.\n\n### TLS Server\n\nTo run the server with TLS enabled use `--secure` flag. It will search for `server.crt` and `server.key` files in the current directory, if not will fail.\n\n```\n./webtail /var/log/tomcat --secure --cert /path/to/server.crt --key /path/to/server.key --port 8443 --restrict\n```\n\nIf you are running it on `--restrict` mode then it is recommended to use `--secure` flag as well to protect the login credentials on the wire.\n\nServer Accepts connections only on `TLSv1.1` and above    \nList of CiphersSuites supported by the server:\n```\ntls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\ntls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\ntls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\ntls.TLS_RSA_WITH_AES_256_GCM_SHA384\ntls.TLS_RSA_WITH_AES_256_CBC_SHA\n```\n\nto connect to a particular cipher you can use       \n**TLSv1.1**\n```\necho \"\" | openssl s_client -connect localhost:8443 -cipher AES256-SHA -tls1_1 -quiet 2\u003e/dev/null\n```\n**TLSv1.2**\n```\n echo \"\" | openssl s_client -connect localhost:8443 -cipher ECDHE-RSA-AES128-SHA256 -tls1_2 -quiet 2\u003e/dev/null\n```\n\n**Note**: It requires the private key to be in the plain text format. i.e. it should not be passphrase protected. Can be done via\n```\nopenssl rsa -in [file1.key] -out [file2.key]\n```\n\n### Cron\n\nCron option supports only 2 formats of time: `days` and `hours`.      \nYou can say something like `5h` or `1d` or `100h` or `4d`. Zero prefixed time intervals are not allowed and will fail.    \n**Note**: By default cron is not enabled and will not re-index files.\n\n### Screenshots\nLogin\n![N|Solid](https://raw.githubusercontent.com/prateeknischal/webtail/master/screenshots/webtail_login.png)\n\nDashboard\n![N|Solid](https://raw.githubusercontent.com/prateeknischal/webtail/master/screenshots/webtail_dashboard.png)\n\nSideNav\n![N|Solid](https://raw.githubusercontent.com/prateeknischal/webtail/master/screenshots/webtail_filenav.png)\n\nTail\n![N|Solid](https://raw.githubusercontent.com/prateeknischal/webtail/master/screenshots/webtail_tail.png)\n\n#### TODOs\n* ~~Add https support~~\n* ~~Add cron support to re-index files in the provided directories~~\n* Add file descriptor pooling while tailing to conserver resources\n* Add authentication on websockets (cannot validate CSRF token on GET request in gorilla/csrf, checking Origin header only for now)\n* Add a proper logger\n* Any help in UI is most welcome\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprateeknischal%2Fwebtail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprateeknischal%2Fwebtail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprateeknischal%2Fwebtail/lists"}