Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

izut (6269)

izut
  (email not shown publicly)
AOL IM: igorsutton (Add Buddy, Send Message)

Perl programmer and enthusiast.

Journal of izut (6269)

Wednesday February 22, 2006
08:47 PM

logspy.pl

[ #28782 ]

This week I've written a lot of code and documentation on logspy.pl. I'm planning to release it on SourceForge in about two weeks, after writing some input and output examples modules.

logspy.pl is a rewrite of a project I wrote at work, for parsing Postfix' logfiles on the fly. I figured out that it could be used to parse other logs, so I wrote a simple main engine and a plugin architeture for modular parsing, i.e. you will be able to use an input module like Logspy::Input::Messages to parse syslog messages file (/var/log/messages) and outputing it to a MySQL database using Logspy::Input::Messages::MySQLDump, for example.

You can write your own modules for anything you want. At work, for example we use a similar system that reads the /var/log/maillog file and then count messages sent from authenticated users and messages received from external IP addresses. Those datum is used to generate iptables rules for spam prevention.

I'll make sure you'll know when I release it :)

Update: An english typo :)

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • I've done some similar stuff, but mostly for very specific stuff.

    Just 2 cent's on the naming.

    -) Input plugins can vary, so better have the namespace be prepared for it.

    Logspy::Input::Message should probably be Logspy::Input::Syslog::Message if it parses syslog stuff

    -) When logspy is writing in the DB I would recommend naming it Logspy::Output::Mysql which would be rather self-describing

    Keep on going, I'm looking forward to the CPAN module.

    But when you do a mysql dump, you should consider
    --
    Hmmm... someone stole my signature...