
Re: Summarizing IP logging



Hello Greg,

>  - I've seen posts asking about log analysis scripts with few if any
>    replies.  Is anyone working on such a beast (Perl, SH, whatever)?

I think there is something out there to that effect...  but I really
can't recall...  what type of log analysis are you looking for?
 
>  - Does it make sense to write another app to do such analysis and/or
>    summarization or is there any chance of getting this functionality
>    added to iptraf?

Well, sense wise, anything that makes it do what you want is what makes
sense.  :)  

>  - How much work would it be to build a version of iptraf that just
>    supports daemon mode/command-line interface (i.e. no curses)?

Yes, and no.  No because it's already supported and you don't need to
build a new version. ;)

Below is a snippet of the 'iptraf -h' output...

=======================================================

Syntax:
    iptraf [ -f ] [ { -i iface | -g | -d iface | -s iface | -z iface |
           -l iface } [ -t timeout ] [ -B [ -L logfile ] ] ]

Issue the iptraf command with no parameters for menu-driven operation.
These options can also be supplied to the command:

-i iface    - start the IP traffic monitor (use "-i all" for all
              interfaces)
-g          - start the general interface statistics
-d iface    - start the detailed statistics facility on an interface
-s iface    - start the TCP and UDP monitor on an interface
-z iface    - shows the packet size counts on an interface
-l iface    - start the LAN station monitor ("-l all" for all LAN
              interfaces)
-B          - run in background (use only with one of the above
              parameters)
-t timeout  - when used with one of the above parameters, tells
              the facility to run only for the specified number of
              minutes (timeout)
-L logfile  - when used with -B, allows you to specify an alternate
              log file.  The log is placed in /var/log/iptraf if a path
              is not specified.
-f          - Clear all locks and counters.  Use with great caution.
              Normally used to recover from an abnormal termination.

IPTraf 2.5.0 Copyright (c) Gerard Paul Java 1997-2001

================================================================

The key is the -B option.

But then again, only one type of analysis seems to be able to be run at
once, and I'm not sure whether multiple background processes can be run
at the same time without doing something to the internal data tracking
capabilities...  i.e. distribution of packet data across multiple
processes causing data loss.

But I think the key is knowing what the thing is that you want to
analyze.

-Peter


> Thanks in advance,
> greg_fenton.
> 
> 
> =====
> Greg Fenton
> greg_fenton@yahoo.com
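As an added example (not from the thread or from the iptraf project), here is a small POSIX shell wrapper that drives the background mode discussed above: it builds the `iptraf ... -B -t minutes -L logfile` command line for each non-curses facility listed in the `-h` output and runs them one after another rather than in parallel, since the thread leaves open whether several background instances share packet data safely. The log directory, the file naming scheme, and the assumption that an `iptraf -B` invocation returns to the shell once it has forked are this script's own choices.

```shell
#!/bin/sh
# Added example, not iptraf's own code.  Option syntax follows the
# 'iptraf -h' text quoted in the thread (IPTraf 2.5.0).
# LOGDIR and the log file naming are assumptions of this script.

LOGDIR=${LOGDIR:-/var/log/iptraf}

# Print the command line for one facility.  "-g" takes no interface;
# the others take an interface name ("all" where iptraf allows it).
iptraf_cmd() {
    facility=$1 iface=$2 minutes=$3 logfile=$4
    case $facility in
        -g) printf 'iptraf -g -B -t %s -L %s\n' "$minutes" "$logfile" ;;
        -i|-d|-s|-z|-l)
            printf 'iptraf %s %s -B -t %s -L %s\n' \
                "$facility" "$iface" "$minutes" "$logfile" ;;
        *)  echo "unknown facility: $facility" >&2; return 1 ;;
    esac
}

# Log file name: facility letter, interface and start stamp, e.g.
# /var/log/iptraf/i-eth0-20011201T1200.log (naming is our own choice).
logfile_for() {
    facility=${1#-} iface=$2 stamp=$3
    printf '%s/%s-%s-%s.log\n' "$LOGDIR" "$facility" "$iface" "$stamp"
}

# Run each facility in turn for MINUTES on IFACE, waiting out the
# timeout before starting the next so only one instance collects
# data at a time.  Assumes 'iptraf -B' returns once it has forked.
run_all() {
    iface=$1 minutes=$2 stamp=$(date +%Y%m%dT%H%M)
    for f in -i -g -d -s -z; do
        log=$(logfile_for "$f" "$iface" "$stamp")
        cmd=$(iptraf_cmd "$f" "$iface" "$minutes" "$log") || return 1
        echo "$cmd"
        if command -v iptraf >/dev/null 2>&1; then
            $cmd
            sleep $((minutes * 60 + 5))   # let the -t timeout expire
        fi
    done
}
```

Run as `run_all eth0 30` to collect a half-hour sample from each facility into its own file under `/var/log/iptraf`; on a host without iptraf the script only prints the command lines it would run.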