LogAnalysis
[logs] How do you cull through serial console logs? Mar 07 2008 09:38PM
Zonker Harris (consoleteam gmail com) (2 replies)
AW: [logs] How do you cull through serial console logs? Mar 10 2008 06:48AM
christian folini post ch
Re: [logs] How do you cull through serial console logs? Mar 08 2008 04:51AM
Michael Kinsley (michael kinsley sensage com) (2 replies)
You can use Perl's IO::Multiplex module to watch all those files with
non-blocking IO.

Courtesy of the Perl Cookbook and a little extra map{} from me:

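use IO::Multiplex;

# Patterns that mark a line as interesting; replace the placeholders.
my $regex_array = [
    qr/Pattern1/,
    qr/Pattern2/,
    qr/Pattern..n/,
];

$mux = IO::Multiplex->new( );
$mux->add($FH1);
$mux->add($FH2); # ... and so on for all the filehandles to manage
$mux->set_callback_object(__PACKAGE__); # or an object
$mux->loop( );

# Called by IO::Multiplex when a handle has input; $input is a
# reference to that handle's input buffer.
sub mux_input {
    my ($package, $mux, $fh, $input) = @_;

    # Consume each complete line from the buffer and test it.
    while ($$input =~ s/^(.*?)\n//) {
        my $line = $1;
        map { $line =~ m/$_/ and print "Matched Line of Interest: $line\n" } @{$regex_array};
    }
}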

Michael Kinsley

Consulting Engineer

SenSage, Inc.
55 Hawthorne Street Ste. 700
San Francisco, CA 94105 USA

email: michael.kinsley (at) sensage (dot) com [email concealed]
mobile: +1.415.465.0106
fax: +1.415.371.1385

On Mar 7, 2008, at 1:38 PM, Zonker Harris wrote:

> I'm using Conserver, which makes reverse-TCP connections to console
> server serial ports, so I can manage my hosts and net gear. This
> results in an ASCII text file for each device.
>
> What tool(s) can I use to watch all (500+) files for 'interesting'
> strings, like malloc errors, failed logins, net connection/port/
> link failures?
>
> I've found log watcher, but it is a one-file-at-a-time deal. I'd
> rather not reinvent the wheel if there is a good answer out there.
> I'm hoping to get to RSA con this year, and perhaps find other
> pointers to share.
>
> Thank you for any tips,
>
> =Z=
>
> http://www.conserved.com/consoles/
> http://consoleteam.blogspot.com/
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis


[ reply ]
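
Added example, not part of the original post or any poster's code: a polling watcher for the situation in the question (many append-only console log files, a handful of "interesting" patterns), written in Python. The class name LogWatcher, the pattern labels and regexes, and the sample line are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Constructed example patterns for the categories named in the question.
PATTERNS = {
    "malloc": re.compile(r"malloc.*(fail|error)", re.I),
    "login": re.compile(r"(login|authentication) (failed|failure|incorrect)", re.I),
    "link": re.compile(r"link (is )?down", re.I),
}

class LogWatcher:
    """Polls many append-only log files, remembering a byte offset per file."""

    def __init__(self, paths, patterns=PATTERNS):
        self.patterns = patterns
        self.state = {p: {"offset": 0, "partial": b""} for p in paths}

    def poll(self):
        """Return (path, label, line) for each new complete line that matches."""
        hits = []
        for path, st in self.state.items():
            try:
                size = os.stat(path).st_size
            except FileNotFoundError:
                continue  # console not logging yet, or file rotated away
            if size < st["offset"]:  # file was truncated or rotated: start over
                st["offset"], st["partial"] = 0, b""
            if size == st["offset"]:
                continue  # nothing new
            with open(path, "rb") as fh:  # opened per poll, so 500+ files hold no descriptors
                fh.seek(st["offset"])
                data = st["partial"] + fh.read()
                st["offset"] = fh.tell()
            *lines, st["partial"] = data.split(b"\n")  # keep the unfinished last line
            for raw in lines:
                line = raw.decode("ascii", "replace").rstrip("\r")
                for label, rx in self.patterns.items():
                    if rx.search(line):
                        hits.append((path, label, line))
        return hits

if __name__ == "__main__":  # constructed sample console output
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "router1.log")
        with open(path, "wb") as fh:
            fh.write(b"kernel: eth0: link is down\r\nlogin: ")
        for hit in LogWatcher([path]).poll():
            print(hit)
```

Call poll() from a timer loop and route the returned tuples to whatever alerting is in place. A file that is truncated and then grows past the saved offset between two polls is not detected as rotated.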
Re: [logs] How do you cull through serial console logs? Mar 10 2008 01:31PM
Ulisses Reina Montenegro de Albuquerque (ulisses tempest com br)
RE: [logs] How do you cull through serial console logs? Mar 10 2008 08:21AM
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
RE: [logs] How do you cull through serial console logs? Mar 18 2008 06:24PM
Clayton Dukes (cdukes) (cdukes cisco com) (1 replies)
RE: [logs] How do you cull through serial console logs? Mar 19 2008 05:41PM
Balazs Scheidler (bazsi balabit hu) (1 replies)
RE: [logs] How do you cull through serial console logs? Apr 03 2008 03:00AM
Clayton Dukes (cdukes) (cdukes cisco com)


 

Copyright 2010, SecurityFocus