Subject: 1. Perl for log analysis 2. Specimen logs

hello

1. I am pursuing a project in log analysis (mainly attack logs..security) and I have a doubt regarding general log analysis. I would like to know why generally Perl, Python etc. are used for log analysis. The SYSLOG MODULE support in Perl is one reason. But a similar library in GNU C lib is available, viz: syslog.h. Why then do programmers go for Perl? Is it due to simpler pattern matching techniques available? The same are then available in C, viz: strtok(). Since I am new to Perl and have to decide which of C and Perl is better for syslog log analysis, kindly suggest the advantages of Perl over C wrt log analysis.

2. I want specimen syslog logs esp. security... for Red Hat Linux 8.0 Server. Any idea where can I get them?

Thank you in advance.
bye
beproj
On Thu, 28 Oct 2004, beproj beproj wrote:
> I would like to know why generally Perl, Python etc. are used for log analysis. The SYSLOG MODULE support in Perl is one reason. But a similar library in GNU C lib is available, viz: syslog.h. Why then do programmers go for Perl? Is it due to simpler pattern matching techniques available?

Ease and speed of development. I use a POE-based setup that takes a feed from syslog-ng; I can update all of my rules on-the-fly without stopping my analyzer or having to recompile it. Using an interpreted language for your rules is a huge win on this front.

- billn
1) Perl has great regular expressions and easy parsing - string manipulation in C is a bear. * ROAR * There has to be a perlfaq that touts Perl's strengths here...

2) For security, check out your system's "auth.*" output from syslog,
- make sure your login daemons are logging appropriately (sshd)
- for network stuff you can look at the ulogd project for firewall/netfilter.
- any other apps? httpd, each may have its own requirements.. ?

On Thu, 28 Oct 2004 09:13:59 -0700 (PDT), Bill Nash <billn@billn.net> wrote:
> On Thu, 28 Oct 2004, beproj beproj wrote:
>
> > I would like to know why generally Perl, Python etc. are used for log analysis. The SYSLOG MODULE support in Perl is one reason. But a similar library in GNU C lib is available, viz: syslog.h. Why then do programmers go for Perl? Is it due to simpler pattern matching techniques available?
>
> Ease and speed of development. I use a POE-based setup that takes a feed from syslog-ng; I can update all of my rules on-the-fly without stopping my analyzer or having to recompile it. Using an interpreted language for your rules is a huge win on this front.
>
> - billn

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
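Both replies above make the same two points: Perl's regexes do the parsing that is painful in C, and rules kept as data can be changed without recompiling. As an added example (not written by anyone in this thread), the following Perl script applies a small table of regex rules to constructed syslog "auth.*" lines and tallies sshd authentication failures per source address; the rule names, thresholds and log lines are made up for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: a tiny rule-driven analyzer for syslog
# "auth.*" lines. The regexes do the parsing and the rules are plain data.
use strict;
use warnings;
# Rules as data: a name, a pattern with named captures, and a per-source
# threshold. Being a plain structure, the list could be reloaded from a file
# at runtime without recompiling, which is the point billn makes above.
my @rules = (
    { name      => 'sshd_failed_password',
      re        => qr/sshd\[\d+\]: Failed password for (?:invalid user )?(?<user>\S+) from (?<ip>[\d.]+)/,
      threshold => 3 },
    { name      => 'sshd_invalid_user',
      re        => qr/sshd\[\d+\]: Invalid user (?<user>\S+) from (?<ip>[\d.]+)/,
      threshold => 2 },
);

# Constructed sample lines in classic syslog format (not real log data).
my @lines = (
    'Oct 28 09:13:59 host sshd[2045]: Failed password for root from 192.0.2.10 port 4321 ssh2',
    'Oct 28 09:14:01 host sshd[2045]: Failed password for root from 192.0.2.10 port 4322 ssh2',
    'Oct 28 09:14:03 host sshd[2046]: Failed password for invalid user admin from 192.0.2.10 port 4323 ssh2',
    'Oct 28 09:14:04 host sshd[2046]: Invalid user admin from 192.0.2.10',
    'Oct 28 09:15:10 host sshd[2050]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2',
);

# One pass over the lines; returns { rule name => { source ip => count } }.
sub tally {
    my ($rules, $lines) = @_;
    my %hits;
    for my $line (@$lines) {
        for my $r (@$rules) {
            next unless $line =~ $r->{re};
            $hits{ $r->{name} }{ $+{ip} }++;    # %+ holds the named captures
        }
    }
    return \%hits;
}

# Report every source that tripped a rule and flag those over its threshold.
my $hits = tally(\@rules, \@lines);
for my $r (@rules) {
    my $per_ip = $hits->{ $r->{name} } or next;
    for my $ip (sort keys %$per_ip) {
        my $n = $per_ip->{$ip};
        printf "%-22s %-15s %d hit(s)%s\n", $r->{name}, $ip, $n,
            $n >= $r->{threshold} ? '  <-- over threshold' : '';
    }
}
```

With the constructed input, 192.0.2.10 trips sshd_failed_password three times and is flagged, while the single Invalid user line stays under its threshold; the Accepted publickey line matches no rule and is ignored.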
participants (3): beproj beproj, Bill Nash, Dave Johnson