Hi,

I have recently reimplemented much of the functionality of Psionic's Logcheck in a perl script. I have also added functionality to make it more useful in a central log server environment (you can specify specific checks for different hosts and have reports for different hosts mailed to different admins).

We are now testing it in a production environment. When we are happy with it and I have written some documentation (what's that ?? ;-) I will post the script to the list for others to have a play with.

My immediate concern is that the perl script builds functions that apply lots of regular expressions (REs) to each line of log files.

    sub check {
        $_ = shift;
        study $_;    # hopefully speed up matching...
        return 0 if /re1/;
        return 0 if /re2/;
        return 1 if /re3/;
        return 1 if /re4/;
        return 1 if /re5/;
        return 2 if /re6/;
        return 2 if /re7/i;
        return 3 if /re8/;
        ...
        return 4;
    }

The return code tells the program what to do with this record.

Anyone know of any tricks to speed this up? Since this is the innermost loop of the process, any gains here should be worthwhile. I know the RE optimizer is pretty smart and that it will do some optimization over statements, but I have never figured out what the limitations are.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin
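
An added example, not part of the original post or of the author's script: a table-driven form of the check described above, in which the patterns that share a return code are merged into one precompiled alternation. It assumes rules with the same return code are adjacent in the chain, so first-match-wins ordering is preserved; the patterns, return codes and log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed rules: [ return code, patterns... ]. Order matters (first match
# wins), mirroring the chain of "return N if /re/" statements in the post.
my @rules = (
    [ 0, qr/session (?:opened|closed) for user/, qr/CRON\[\d+\]/ ],
    [ 1, qr/Failed password for/, qr/authentication failure/i ],
    [ 2, qr/refused connect from/ ],
    [ 3, qr/kernel: .*(?:Oops|panic)/ ],
);
my $default = 4;

# Collapse each group into one precompiled alternation, so a line costs at
# most one match per return code rather than one per pattern. Interpolated
# qr// objects keep their own flags, so the /i above still applies only to
# its own pattern.
my @compiled = map {
    my ($code, @res) = @$_;
    my $alt = join '|', @res;
    [ $code, qr/$alt/ ];
} @rules;

sub check {
    my ($line) = @_;    # lexical copy; leaves the caller's $_ untouched
    for my $rule (@compiled) {
        return $rule->[0] if $line =~ $rule->[1];
    }
    return $default;
}

# Constructed sample log lines.
my @sample = (
    'Aug 26 02:00:01 mail CRON[4123]: (root) CMD (run-parts /etc/cron.hourly)',
    'Aug 26 02:00:07 web1 sshd[991]: Failed password for root from 192.0.2.10 port 4022',
    'Aug 26 02:00:09 web1 su: pam_unix: Authentication Failure; logname=bob',
    'Aug 26 02:00:12 db1 in.telnetd[77]: refused connect from 192.0.2.44',
    'Aug 26 02:00:15 db1 named[55]: zone transfer complete',
);

printf "%d  %s\n", check($_), $_ for @sample;
```

Whether the merged form is faster than the original chain depends on the patterns and the perl version, so time both against a real log sample with the core Benchmark module before switching.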
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 02:02:56 PDT