[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I have a working log analysis prog
Greetings,
I've been hacking over the weekend and have a
functional (tho not pretty) Perl script that does
a nice job of log analysis.
Right now I'm just looking at the top 4 services
on our outbound link (Napster, http, ftp-data and www)
and these are hardwired in place.
I'm working on code that automagically pulls the top
N services (you pick N) and graphs them, and more
code that does trend analysis.
My scripts require Perl 5, the DateManip module
from CPAN and gnuplot. If you're interested in
seeing the output take a look at
http://www.netcom.duke.edu/~rdc/ta.gif
If anyone is interested I'll post my perl script
and the gnuplot .gnp file I'm using. Please don't laugh
at my poor Perl code -- this was a "GOTTA make this work
over the weekend" project, and I'm by no means a Perl
expert, so there is room for a LOT of improvement.
But, hey, it works, it's fast and that's what's
important to me. Get it working first; make it pretty
later.
One comment -- it would be REALLY, REALLY nice if
the command line version of IPtraf had a log file
location flag, and the ability to run multiple instances
when the log flag was set. Why so?
Well, my traffic analysis box sits on a gigabit Ethernet
link and has two NetGear NICS. One for inbound traffic
and one for outbound traffic. I need to be able to
provide traffic analysis on both links; but with IPtraf
confined to a single instance I can't. :-(
A log file named ethN_tcp_udp_services_log where N is
the interface number would be really spiffy. And I have
a trade for this besides my logging code -- I've had
a student working on providing an IPv6 decode module
and he has it pretty well functional.
Cheers,
Bob
[-------------------------------------------------]
|Bob Currier |
|Director, Data Communications |
|Duke University Office of Information Technology |
|(919) 419-5310 |
[-------------------------------------------------]