[syslog-ng] Perl for log analysis

Dave Johnson syslog-ng@lists.balabit.hu
Thu, 28 Oct 2004 16:03:21 -0500


1) Perl has great regular expressions and easy parsing
   - string manipulation in C is a bear.  * ROAR *
    there has to be a perlfaq that touts Perl's strengths here...

2) for security, check out your system's "auth.*" output from syslog,
        - make sure your login daemons are logging appropriately (sshd)
        - for network stuff you can look at the ulogd project for firewall/netfilter.
        - any other apps?  httpd, each may have its own requirements.. ?

On Thu, 28 Oct 2004 09:13:59 -0700 (PDT), Bill Nash <billn@billn.net> wrote:
> On Thu, 28 Oct 2004, beproj beproj wrote:
> 
> 
> > I would like to know why generally Perl, Python etc. are used for log
> > analysis. The SYSLOG MODULE support in Perl is one reason. But a similar
> > library in GNU C lib is available, viz. syslog.h. Why then do
> > programmers go for Perl? Is it due to simpler pattern matching techniques available?
> 
>         Ease and speed of development. I use a POE-based setup that takes
> a feed from syslog-ng; I can update all of my rules on-the-fly without
> stopping my analyzer or having to recompile it. Using an interpreted
> language for your rules is a huge win on this front.
> 
> - billn
>
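
The two points made in this thread (regex rules over sshd "auth.*" lines, and rules that can be updated without stopping the analyzer), as an added example that is not code from either poster. The rules-file format, the rule names and the sample log lines are assumptions constructed for the illustration; it reads the embedded sample instead of a live feed and uses plain Perl rather than POE.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Constructed rules file, written to a temp path so the demo runs offline.
# It is executed as Perl, so in real use only the analyzer's owner may write it.
my ($fh, $rules_path) = tempfile(SUFFIX => '.pl', UNLINK => 1);
print {$fh} <<'RULES';
[
  [ failed_password => qr/sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)/ ],
  [ root_login      => qr/sshd\[\d+\]: Accepted \S+ for (root) from (\S+)/ ],
];
RULES
close $fh or die "cannot write rules: $!";

my ($rules, $loaded_mtime) = ([], 0);

# Re-read the rules only when the file's mtime changes. If the new file does
# not compile, keep the previous rules so a typo never stops the analyzer.
sub reload_rules {
    my $mtime = (stat $rules_path)[9] // return;
    return if $mtime == $loaded_mtime;
    $loaded_mtime = $mtime;
    my $new = do $rules_path;
    if (ref $new eq 'ARRAY') { $rules = $new }
    else { warn "rules not reloaded: " . ($@ || $! || 'bad format') . "\n" }
}

my %hits;
while (my $line = <DATA>) {          # live use: read <STDIN> fed by syslog-ng
    reload_rules();
    for my $rule (@$rules) {
        my ($name, $re) = @$rule;
        next unless $line =~ $re;
        $hits{$name}{"$1 from $2"}++;   # user and source address captured by the rule
        last;
    }
}
for my $name (sort keys %hits) {
    printf "%-16s %-28s %d\n", $name, $_, $hits{$name}{$_}
        for sort keys %{ $hits{$name} };
}

__DATA__
Oct 28 16:01:02 host1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Oct 28 16:01:05 host1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Oct 28 16:02:11 host1 sshd[2290]: Accepted password for root from 192.0.2.44 port 5120 ssh2
Oct 28 16:02:30 host1 sshd[2301]: Accepted publickey for dave from 192.0.2.7 port 5133 ssh2
```

Because the reload check compares mtimes with one-second resolution, two edits to the rules file within the same second are picked up only after the next change.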