|
|
LogAnalysis
[logs] How do you cull through serial console logs? Mar 07 2008 09:38PM Zonker Harris (consoleteam gmail com) (2 replies) AW: [logs] How do you cull through serial console logs? Mar 10 2008 06:48AM christian folini post ch Re: [logs] How do you cull through serial console logs? Mar 08 2008 04:51AM Michael Kinsley (michael kinsley sensage com) (2 replies) Re: [logs] How do you cull through serial console logs? Mar 10 2008 01:31PM Ulisses Reina Montenegro de Albuquerque (ulisses tempest com br) |
|
Privacy Statement |
Hi,
I seem to have overlooked the original question. If I got it right, it
is about monitoring a large set of text files. Rsyslog recently got an
addition to do this natively:
http://www.rsyslog.com/doc-imfile.html
There is a compile-time limit of 100 files, but it's a simple matter of
changing a #define (I can help with doing that). That hard limit can
also be removed if there is real-world need to do so - as can additional
features be added.
Rainer
> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org [email concealed] [mailto:loganalysis-
> bounces (at) loganalysis (dot) org [email concealed]] On Behalf Of Michael Kinsley
> Sent: Saturday, March 08, 2008 5:52 AM
> To: Zonker Harris
> Cc: loganalysis (at) loganalysis (dot) org [email concealed]
> Subject: Re: [logs] How do you cull through serial console logs?
>
> You can use perl's IO::Multiplex module to watch all those files with
> non-blocking IO.
>
> Courtesy of the Perl Cookbook and a little extra map{} from me:
>
> use IO::Multiplex;
>
>
> my $regex_array = [
> qr/Pattern1/,
>
> qr/Pattern2/,
>
> qr/Pattern..n/
>
>
>
> ];
>
>
> $mux = IO::Multiplex->new( );
> $mux->add($FH1);
> $mux->add($FH2); # ... and so on for all the filehandles to manage
> $mux->set_callback_object(_ _PACKAGE_ _); # or an object
> $mux->Loop( );
>
> sub mux_input {
> my ($package, $mux, $fh, $input) = @_;
>
> map { $line =~ m/$_/ and print "Matched Line of Interest: $line \n"
}
> @{$regex_array};
> }
>
>
>
> Michael Kinsley
>
> Consulting Engineer
>
> SenSage, Inc.
> 55 Hawthorne Street Ste. 700
> San Francisco, CA 94105 USA
>
> email: michael.kinsley (at) sensage (dot) com [email concealed]
> mobile: +1.415.465.0106
> fax: +1.415.371.1385
>
>
>
> On Mar 7, 2008, at 1:38 PM, Zonker Harris wrote:
>
>
> I'm using Conserver, which makes reverse-TCP connections to
> console server serial ports, so I can manage my hosts and net gear.
> This results in an ASCII text file for each device.
>
> What tool(s) can I use to watch all (500+) files for
> 'interesting' strings, like malloc errors, failed logins, net
> connection/port/link failures?
>
> I've found log watcher, but it is a one- file-at-a-time deal.
I'd
> rather not reinvent the wheel if there is a good answer out there. I'm
> hoping to get to RSA con this year, and perhaps find other pointers to
> share.
>
> Thank you for any tips,
>
> =Z=
>
> http://www.conserved.com/consoles/
> http://consoleteam.blogspot.com/
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis
[ reply ]