1) Perl has great regular expressions and easy parsing; string manipulation in C is a bear. * ROAR * There has to be a perlfaq that touts Perl's strengths here...

2) For security, check out your system's "auth.*" output from syslog:
- make sure your login daemons are logging appropriately (sshd)
- for network stuff you can look at the ulogd project for firewall/netfilter
- any other apps? httpd, each may have its own requirements.. ?

On Thu, 28 Oct 2004 09:13:59 -0700 (PDT), Bill Nash <billn@billn.net> wrote:
On Thu, 28 Oct 2004, beproj beproj wrote:
I would like to know why generally Perl, Python etc. are used for log analysis. The SYSLOG MODULE support in Perl is one reason. But a similar library in GNU C lib is available, viz. syslog.h. Why then do programmers go for Perl? Is it due to simpler pattern matching techniques being available?
Ease and speed of development. I use a POE-based setup that takes a feed from syslog-ng; I can update all of my rules on-the-fly without stopping my analyzer or having to recompile it. Using an interpreted language for your rules is a huge win on this front.
- billn

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
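As an added illustration of the two points made in this thread (regex-driven parsing of the "auth.*" syslog stream, and keeping detection rules as data that can be reloaded without recompiling the analyzer), here is a small analyzer written for this page. It is not code from any poster, from POE or from syslog-ng; Python is used because it is one of the languages the original question names and it is convenient to run. The sshd log lines are constructed samples, and the rule names, field names and the failed-login threshold are choices made for the example.

```python
import re
from collections import Counter

# Constructed sample lines in classic syslog/auth.log layout (not real data).
SAMPLE_LINES = [
    "Oct 28 09:13:59 host1 sshd[2314]: Failed password for invalid user admin from 192.0.2.10 port 4422 ssh2",
    "Oct 28 09:14:01 host1 sshd[2314]: Failed password for root from 192.0.2.10 port 4423 ssh2",
    "Oct 28 09:14:05 host1 sshd[2320]: Accepted publickey for alice from 198.51.100.7 port 51022 ssh2",
    "Oct 28 09:14:09 host1 sshd[2325]: Failed password for root from 192.0.2.10 port 4430 ssh2",
    "Oct 28 09:14:12 host1 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Syslog header: "<timestamp> <host> <program>[<pid>]: <message>".
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[\w\-]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)

# Rules are plain data (name -> regex text), not code compiled into the
# analyzer. This is what lets a running analyzer swap rule sets on the fly:
# load new text, call compile_rules(), keep processing the feed.
DEFAULT_RULES = {
    "ssh_failed_password": r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+",
    "ssh_accepted": r"^Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+",
}


def compile_rules(rule_text):
    """Turn a name->pattern mapping into compiled regexes; call again to reload."""
    return {name: re.compile(pat) for name, pat in rule_text.items()}


def parse_line(line):
    """Split the syslog header off a line; return None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def match_rules(msg, rules):
    """Return (rule name, captured fields) for the first rule matching the message."""
    for name, rx in rules.items():
        m = rx.search(msg)
        if m:
            return name, m.groupdict()
    return None, {}


def analyze(lines, rules, threshold=3):
    """Count rule hits over sshd lines and flag source IPs with >= threshold failed logins."""
    hits = Counter()
    failures_by_ip = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue  # unparsable line, or a daemon we are not watching here
        name, fields = match_rules(rec["msg"], rules)
        if name is None:
            continue
        hits[name] += 1
        if name == "ssh_failed_password":
            failures_by_ip[fields["ip"]] += 1
    flagged = sorted(ip for ip, n in failures_by_ip.items() if n >= threshold)
    return hits, failures_by_ip, flagged


if __name__ == "__main__":
    rules = compile_rules(DEFAULT_RULES)
    hits, by_ip, flagged = analyze(SAMPLE_LINES, rules)
    print("rule hits:", dict(hits))
    print("failed logins per source:", dict(by_ip))
    print("sources at/over threshold:", flagged)
```

The threshold count is the kind of check that makes "auth.*" worth collecting in the first place: repeated password failures from one source are visible only once the lines are parsed into fields. Because the rules live in a dict of pattern strings, a real analyzer fed by syslog-ng could re-read them from a file on a signal and call compile_rules() again without a restart, which is the advantage the reply above attributes to an interpreted language.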