[logs] How do you cull through serial console logs?

Clayton Dukes (cdukes) cdukes at cisco.com
Tue Mar 18 11:24:51 PDT 2008 

Hey folks,
I'm coming in  a bit late on this (been out of town), but for an
interface to the database (search, graph, etc), you may want to give
php-syslog-ng a try. (note: I am the maintainer of said tool :-))

http://nms.gdd.net/index.php/PHP-Syslog-NG



-----Original Message-----
From: loganalysis-bounces at loganalysis.org
[mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Rainer
Gerhards
Sent: Monday, March 10, 2008 4:21 AM
To: Michael Kinsley; loganalysis at loganalysis.org
Cc: consoleteam at gmail.com
Subject: RE: [logs] How do you cull through serial console logs?

[disclaimer: I am the author of rsyslog]

Hi,

I seem to have overlooked the original question. If I got it right, it
is about monitoring a large set of text files. Rsyslog recently got an
addition to do this natively:

http://www.rsyslog.com/doc-imfile.html

There is a compile-time limit of 100 files, but it's a simple matter of
changing a #define (I can help with doing that). That hard limit can
also be removed if there is real-world need to do so - as can additional
features be added.

Rainer

> -----Original Message-----
> From: loganalysis-bounces at loganalysis.org [mailto:loganalysis-
> bounces at loganalysis.org] On Behalf Of Michael Kinsley
> Sent: Saturday, March 08, 2008 5:52 AM
> To: Zonker Harris
> Cc: loganalysis at loganalysis.org
> Subject: Re: [logs] How do you cull through serial console logs?
> 
> You can use perl's IO::Multiplex module to watch all those files with
> non-blocking IO.
> 
> Courtesy of the Perl Cookbook and a little extra map{} from me:
> 
> use IO::Multiplex;
> 
> 
> my $regex_array = [
> qr/Pattern1/,
> 
> qr/Pattern2/,
> 
> qr/Pattern..n/
> 
> 
> 
> ];
> 
> 
> $mux = IO::Multiplex->new( );
> $mux->add($FH1);
> $mux->add($FH2); # ... and so on for all the filehandles to manage
> $mux->set_callback_object(_ _PACKAGE_ _);  # or an object
> $mux->Loop( );
> 
> sub mux_input {
>   my ($package, $mux, $fh, $input) = @_;
> 
>   map { $line =~ m/$_/ and print "Matched Line of Interest: $line \n"
}
> @{$regex_array};
> }
> 
> 
> 
> Michael Kinsley
> 
> Consulting Engineer
> 
> SenSage, Inc.
> 55 Hawthorne Street Ste. 700
> San Francisco, CA 94105 USA
> 
> email:     michael.kinsley at sensage.com
> mobile:  +1.415.465.0106
> fax:         +1.415.371.1385
> 
> 
> 
> On Mar 7, 2008, at 1:38 PM, Zonker Harris wrote:
> 
> 
> 	I'm using Conserver, which makes reverse-TCP connections to
> console server serial ports, so I can manage my hosts and net gear.
> This results in an ASCII text file for each device.
> 
> 	What tool(s) can I use to watch all (500+) files for
> 'interesting' strings, like malloc errors, failed logins, net
> connection/port/link failures?
> 
> 	I've found log watcher, but it is a one- file-at-a-time deal.
I'd
> rather not reinvent the wheel if there is a good answer out there. I'm
> hoping to get to RSA con this year, and perhaps find other pointers to
> share.
> 
> 	Thank you for any tips,
> 
> 	          =Z=
> 
> 	http://www.conserved.com/consoles/
> 	http://consoleteam.blogspot.com/
> 
> 	_______________________________________________
> 	LogAnalysis mailing list
> 	LogAnalysis at loganalysis.org
> 	http://www.loganalysis.org/mailman/listinfo/loganalysis
> 

_______________________________________________
LogAnalysis mailing list
LogAnalysis at loganalysis.org
http://www.loganalysis.org/mailman/listinfo/loganalysis

More information about the LogAnalysis mailing list