[syslog-ng] Perl for log analysis
Dave Johnson
syslog-ng@lists.balabit.hu
Thu, 28 Oct 2004 16:03:21 -0500
1) perl has great regular expressions and easy parsing
- string manipulation in C is a bear. * ROAR *
there has to be a perlfaq that touts Perl's strengths here...
2) for security check out your system's "auth.*" output from syslog,
- make sure your login daemons are logging appropriately (sshd)
- for network stuff you can look at the ulogd project for
firewall/netfilter.
- any other apps? httpd, each may have its own requirements.. ?
On Thu, 28 Oct 2004 09:13:59 -0700 (PDT), Bill Nash <billn@billn.net> wrote:
> On Thu, 28 Oct 2004, beproj beproj wrote:
>
>
> > I would like to know why generally Perl, Python etc. are used for log
> > analysis. The SYSLOG MODULE support in Perl is one reason. But a similar
> > library in GNU C lib is available, viz. syslog.h. Why then do
> > programmers go for Perl? Is it due to simpler pattern matching techniques available?
>
> Ease and speed of development. I use a POE-based setup that takes
> a feed from syslog-ng; I can update all of my rules on-the-fly without
> stopping my analyzer or having to recompile it. Using an interpreted
> language for your rules is a huge win on this front.
>
> - billn
>
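
An added example, not code from either poster: a small Perl pass over sshd lines from an "auth.*" feed, with the match rules kept as plain data so they can be edited or reloaded without changing the parsing loop. The message patterns, the threshold and the sample log lines (documentation IP ranges) are constructed assumptions; check the patterns against your own sshd output.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rules are data (name + compiled regex), separate from the loop below.
# Patterns assume common OpenSSH message wording (an assumption).
my @rules = (
    { name => 'failed_password',
      re   => qr/^Failed password for (?:invalid user )?(\S+) from (\S+) port \d+/ },
    { name => 'invalid_user',
      re   => qr/^Invalid user (\S+) from (\S+)/ },
    { name => 'accepted',
      re   => qr/^Accepted (?:password|publickey) for (\S+) from (\S+) port \d+/ },
);

# Classic BSD syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
my $syslog_re =
    qr/^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+([^\s\[:]+)(?:\[(\d+)\])?:\s+(.*)$/;

my $threshold = 3;    # constructed alert threshold for the sample data
my (%count, %failures_by_ip);

while (my $line = <DATA>) {
    chomp $line;
    # Skip anything that is not a well-formed syslog line from sshd.
    my ($ts, $host, $prog, $pid, $msg) = $line =~ $syslog_re or next;
    next unless $prog eq 'sshd';
    for my $rule (@rules) {
        my ($user, $ip) = $msg =~ $rule->{re} or next;   # try the next rule
        $count{ $rule->{name} }++;
        $failures_by_ip{$ip}++ if $rule->{name} eq 'failed_password';
        last;                                            # first match wins
    }
}

printf "%-16s %d\n", $_, $count{$_} for sort keys %count;
for my $ip (sort keys %failures_by_ip) {
    print "ALERT: $failures_by_ip{$ip} failed logins from $ip\n"
        if $failures_by_ip{$ip} >= $threshold;
}

__DATA__
Oct 28 16:01:02 gw sshd[2211]: Failed password for root from 192.0.2.10 port 40122 ssh2
Oct 28 16:01:05 gw sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40123 ssh2
Oct 28 16:01:09 gw sshd[2214]: Failed password for root from 192.0.2.10 port 40125 ssh2
Oct 28 16:02:11 gw sshd[2230]: Accepted publickey for dave from 198.51.100.7 port 51514 ssh2
Oct 28 16:02:30 gw cron[2240]: (root) CMD (run-parts /etc/cron.hourly)
```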