log_analysis 0.45
log_analysis 0.45 Ranking & Summary
File size: 0.13 MB
Platform: Any Platform
License: GPL (GNU General Public License)
Price:
Downloads: 1125
Date added: 2006-10-04
Publisher: Mordechai T. Abzug
log_analysis 0.45 description
log_analysis is a log file analysis engine that extracts relevant data for any of the recognised log messages and produces a summary that is much easier to read.
Problems it solves:
- Logs contain lots of extraneous stuff that I want to be logged, but that I don't want to sift through when I review logs (i.e. routine, error-free daemon operation).
- Logs contain a lot of repetition, which drowns out the interesting entries.
- Noting repetition can be tricky because each entry usually has extra features to make it unique, such as a date, maybe a PID (e.g. for syslog), and maybe application-specific information (e.g. sendmail queue IDs).
- One needs to remember to review them. :)
- One needs to be root to look at logs on some OSs.
- On most systems, looking at the logs for just one day can be a pain.
- If I attack each box I deal with and write a separate script to do all this, I'll waste a lot of time duplicating effort.
- Writing patterns is a pain even if you know regular expressions.
log_analysis is my solution to these problems. It goes through several different kinds of logs (currently syslog, wtmp, and sulog) over some period (defaults to yesterday). It strips out the date and PID and throws away certain entries. Then it tries each entry against a list of Perl regular expressions. Each regular expression is associated with a category name and a rule for extracting data. When there's a match, the data-extracting rule is applied and the result is filed under the category.
If a log entry is unknown, it's filed under a special category for unknowns. Identical entries within a category are sorted and counted. There's an option to mail the output, so you can just run it out of cron. You can also save a local copy of the output. If you prefer to PGP-mail yourself the output, you can do this too. The whole thing is designed to be easily extended, complete with an easy plug-in interface. The default mode is for reporting, but it also has "real" and "gui" modes for continuous monitoring, complete with action support. Oh, and you can edit patterns in a GUI that helps write regular expressions quickly and easily.
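The pipeline described above (strip date and PID, discard routine entries, match each entry against an ordered rule list, extract the interesting fields, file the result under a category, count repeats, and dump the rest into an "unknown" bucket), as an added example written for this page. It is not code from log_analysis, which is written in Perl with its own rule syntax; the rule table, category names and the syslog lines are all constructed here for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (invented for this example, not real logs).
SAMPLE_LOG = """\
Oct  4 02:15:01 host1 CRON[12345]: (root) CMD (run-parts /etc/cron.hourly)
Oct  4 02:15:07 host1 sshd[12350]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Oct  4 02:16:22 host1 sshd[12361]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Oct  4 02:16:25 host1 sshd[12362]: Failed password for invalid user admin from 198.51.100.7 port 40023 ssh2
Oct  4 02:16:30 host1 sshd[12363]: Failed password for root from 198.51.100.7 port 40024 ssh2
Oct  4 03:15:01 host1 CRON[12401]: (root) CMD (run-parts /etc/cron.hourly)
Oct  4 03:20:44 host1 sendmail[12410]: k94AKiX012410: from=<bob@example.org>, size=1024, class=0
Oct  4 03:21:00 host1 kernel: weird thing happened
Oct  3 23:59:59 host1 sshd[12001]: Accepted password for carol from 192.0.2.11 port 50001 ssh2
"""

# Classic BSD syslog prefix: timestamp, host, program, optional [pid], then the message.
SYSLOG_PREFIX = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d\d:\d\d:\d\d\s+"
    r"(?P<host>\S+)\s+(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)

# Entries that are logged on purpose but are not worth reading: dropped outright.
DISCARD = [
    re.compile(r"^CRON: \(root\) CMD \(run-parts /etc/cron\.hourly\)$"),
]

# (category, pattern, extraction template). Named groups feed the template, so the
# volatile parts (ports, sendmail queue IDs) are dropped and repeats collapse together.
RULES = [
    ("ssh login",
     re.compile(r"^sshd: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)"),
     "{user} from {ip} ({method})"),
    ("ssh failed login",
     re.compile(r"^sshd: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
     "{user} from {ip}"),
    ("sendmail from",
     re.compile(r"^sendmail: \w+: from=<(?P<sender>[^>]*)>"),
     "{sender}"),
]

UNKNOWN = "unknown"


def normalize(line, day=None):
    """Strip date, host and PID; return 'prog: message', or None if the line
    is unparseable or falls outside the requested (month, day) period."""
    m = SYSLOG_PREFIX.match(line)
    if not m:
        return None
    if day is not None and (m["mon"], int(m["day"])) != day:
        return None
    return f"{m['prog']}: {m['msg']}"


def classify(entry):
    """Return (category, extracted data) for one normalized entry, or None to discard it.
    Rules are tried in order; the first match wins; no match means 'unknown'."""
    if any(p.search(entry) for p in DISCARD):
        return None
    for category, pattern, template in RULES:
        m = pattern.search(entry)
        if m:
            return category, template.format(**m.groupdict())
    return UNKNOWN, entry


def summarize(text, day=None):
    """Group extracted data by category and count identical entries."""
    summary = defaultdict(Counter)
    for line in text.splitlines():
        entry = normalize(line, day)
        if entry is None:
            continue
        hit = classify(entry)
        if hit is None:
            continue
        category, data = hit
        summary[category][data] += 1
    return summary


def render(summary):
    """Produce the readable report: categories, then sorted and counted entries."""
    out = []
    for category in sorted(summary):
        out.append(f"== {category} ==")
        for data, n in sorted(summary[category].items()):
            out.append(f"{n:5d}  {data}")
    return "\n".join(out)


if __name__ == "__main__":
    # Report on "yesterday" only; the Oct 3 line is filtered out by the period check.
    print(render(summarize(SAMPLE_LOG, day=("Oct", 4))))
```

Two details matter in practice. Rule order is significant (a broad pattern placed first swallows entries a later, more specific one should catch), and the "unknown" bucket is the part of the report to read first, since it is where anything the rules have not anticipated will land.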
Security
The program needs to run with permissions to read your log files in order to be useful, which usually means root. It does not default to SUID root, and I recommend not making it SUID, so just run it as root (i.e. manually or out of cron). I've tried to avoid temp files everywhere I can, and in the one case where I do use a temp file, I make sure to use the POSIX tmpnam function instead of trying to make up my own temp file algorithm. The default umask is 077. If you use action commands, there is nothing to stop you from using parts of the log message in insecure ways, so for goodness' sake, be careful.
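The warning about action commands is worth making concrete. An action that runs with the privileges of the analyzer (root, per the paragraph above) on data copied out of a log line is running on attacker-supplied input: a failed-login record, for instance, carries whatever username the remote party chose to try. The following is an added example, not part of log_analysis and not its action syntax; the action, the field names and the sample records are hypothetical. It shows the shell-string construction to avoid beside a version that validates each field and never lets a shell parse log-derived text.

```python
import ipaddress
import re
import subprocess

# Constructed failed-login records as an action might receive them (invented for this
# example). The username is attacker-controlled: anyone can try to log in as it.
BENIGN = {"user": "admin", "ip": "198.51.100.7"}
MALICIOUS = {"user": 'x"; rm -rf /tmp/reports; echo "', "ip": "198.51.100.7"}

# What a legitimate value of each field may look like. Anything else is refused.
USERNAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def unsafe_action_command(data):
    """The pattern to avoid: log fields spliced into a string that a shell will parse.
    Returns the string that would be handed to 'sh -c' (deliberately not executed)."""
    return f'logger -t log_analysis "ssh failure for {data["user"]} from {data["ip"]}"'


def safe_action_argv(data):
    """Validate each field against what it is supposed to be, then build an argv
    list so that no shell ever sees log-derived text."""
    user, ip = data["user"], data["ip"]
    if not USERNAME.fullmatch(user):
        raise ValueError(f"refusing to act on suspicious username {user!r}")
    ip = str(ipaddress.ip_address(ip))  # ValueError unless it is a real address
    return ["logger", "-t", "log_analysis", f"ssh failure for {user} from {ip}"]


def run_action(data, runner=subprocess.run):
    """Execute the validated action without a shell. 'runner' is injectable so the
    decision logic can be exercised without touching the system."""
    return runner(safe_action_argv(data), shell=False, check=False)


def rejects(data):
    """True if the validator refuses this record."""
    try:
        safe_action_argv(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe:", unsafe_action_command(MALICIOUS))
    print("safe  :", safe_action_argv(BENIGN))
    print("malicious rejected:", rejects(MALICIOUS))
```

With the malicious record, the unsafe string closes the quoted argument early and appends two further commands, which the shell would run as root. The safe version fails closed: it accepts only values that match the shape the field is supposed to have and passes them as separate argv elements. If a shell is genuinely unavoidable (a pipeline in the action, say), quote every field with `shlex.quote` and still validate it first. One further caveat on the temp-file remark above: `tmpnam` only returns a name, and the file is created by a later call, so a local attacker can race that gap; the 077 umask limits the damage, but code written today would use an atomic `O_CREAT|O_EXCL` creation such as Perl's `File::Temp` rather than a name-then-open sequence.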
Local extensions
log_analysis already has lots of rules, but chances are that you have log entries that aren't already covered. So, log_analysis can easily be extended via a local config file, as documented in the log_analysis manpage. There's even an easy way to do modular plug-ins.
Enhancements:
- This release includes a "find" feature in the GUI, various bugfixes, and assorted minor features.