[nylug-workshop] [Reminder] Regular meetings of the Python workshop @ Tue Feb 13 18:00 - 20:00 (2 hrs)
Yusuke Shinyama
yusuke at cs.nyu.edu
Mon Feb 12 21:14:14 EST 2007
I will be there tomorrow. Inspired by the log reader, I have been
making a tiny tool for "analyzing" syslog patterns. The idea is
to group similar looking log strings, and generate regexp patterns
for each group. For example, by feeding the following syslog
output to this program...
mango rpc.mountd: authenticated unmount request from kiwi.cs.nyu.edu:686 for /data (/data)
mango rpc.mountd: authenticated unmount request from kiwi.cs.nyu.edu:689 for /home (/home)
mango rpc.mountd: authenticated mount request from banana.cs.nyu.edu:613 for /home (/home)
mango rpc.mountd: authenticated mount request from kiwi.cs.nyu.edu:697 for /home (/home)
mango rpc.mountd: authenticated mount request from kiwi.cs.nyu.edu:708 for /data (/data)
mango rpc.mountd: export request from 128.122.140.70
mango rpc.mountd: authenticated mount request from grape.cs.nyu.edu:1023 for /usr/local (/usr/local)
mango rpc.mountd: authenticated unmount request from banana.cs.nyu.edu:880 for /home (/home)
mango rpc.mountd: export request from 128.122.140.70
mango rpc.mountd: authenticated mount request from grape.cs.nyu.edu:1023 for /usr/local (/usr/local)
mango kernel: Packet log: input REJECT eth1 PROTO=17 128.105.143.14:41385 128.122.140.61:9618 L=64 S=0x00 I=0 F=0x4000 T=53 (#11)
mango kernel: Packet log: input REJECT eth1 PROTO=6 128.122.80.107:61887 128.122.140.61:113 L=48 S=0x00 I=4036 F=0x4000 T=63 SYN (#10)
mango kernel: Packet log: input REJECT eth1 PROTO=6 133.15.94.103:33271 128.122.140.61:113 L=60 S=0x00 I=44595 F=0x4000 T=48 SYN (#10)
You'll get the following regexp patterns:
'^mango rpc\.mountd:\ authenticated [a-zA-Z_]* request from [a-zA-Z_]*\.cs\.nyu\.edu:[0-9]* for .*/[a-zA-Z_]* \(.*/[a-zA-Z_]*\)'
'^mango kernel: Packet log: input REJECT eth1 PROTO=[0-9]* [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:[0-9]* 128\.122\.140\.61:[0-9]* L=[0-9]* S=0x00 I=[0-9]* F=0x4000 T=.* \(#[0-9]*\)'
'^mango rpc\.mountd: export request from 128\.122\.140\.70'
When a new syslog entry appears, the program tries to match it
with all the known patterns. An entry that doesn't match with any
pattern is recognized as an "uncommon" entry and notified to the
user.
The code is almost finished. I'll be doing documentation for tomorrow.
Yusuke
On Mon, 12 Feb 2007 17:40:27 -0800, "Peter C. Norton" <spacey-nylug-workshop at lenin.net> wrote:
> I am, as of about 2 hours ago, unable to go to the meeting. The order
> I made for my Valentine's dinner from freshdirect has had the time
> changed to exactly the time of the meeting, due to weather!?!?! Aargh!
>
> I'm going to try to participate from home. I'm going to use the time
> to try to write the widget I was talking about for doing a list
> selection box in a pop-up.
>
> -Peter
>
>
> --
> The 5 year plan:
> In five years we'll make up another plan.
> Or just re-use this one.
>
> _______________________________________________
> nylug-workshop mailing list
> nylug-workshop at nylug.org
> http://nylug.org/mailman/listinfo/nylug-workshop
> Calendar with times and directions: http://tighturl.com/fp
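The grouping-and-matching idea Yusuke describes above (cluster similar syslog lines, emit one regexp per cluster, flag anything that matches no known pattern) in a small Python sketch. This is an added example written for this archive page, not Yusuke's tool; it uses a simpler positional tokenizer than the alignment his output implies, and the training lines are the syslog excerpt from his message while the "new" lines are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Training data: the syslog excerpt quoted in the message above.
TRAINING_LOG = """\
mango rpc.mountd: authenticated unmount request from kiwi.cs.nyu.edu:686 for /data (/data)
mango rpc.mountd: authenticated unmount request from kiwi.cs.nyu.edu:689 for /home (/home)
mango rpc.mountd: authenticated mount request from banana.cs.nyu.edu:613 for /home (/home)
mango rpc.mountd: authenticated mount request from kiwi.cs.nyu.edu:697 for /home (/home)
mango rpc.mountd: authenticated mount request from kiwi.cs.nyu.edu:708 for /data (/data)
mango rpc.mountd: export request from 128.122.140.70
mango rpc.mountd: authenticated mount request from grape.cs.nyu.edu:1023 for /usr/local (/usr/local)
mango rpc.mountd: authenticated unmount request from banana.cs.nyu.edu:880 for /home (/home)
mango rpc.mountd: export request from 128.122.140.70
mango kernel: Packet log: input REJECT eth1 PROTO=6 128.122.80.107:61887 128.122.140.61:113 L=48 S=0x00 I=4036 F=0x4000 T=63 SYN (#10)
mango kernel: Packet log: input REJECT eth1 PROTO=6 133.15.94.103:33271 128.122.140.61:113 L=60 S=0x00 I=44595 F=0x4000 T=48 SYN (#10)
"""

# Constructed "new" entries: one routine mount from a host not seen before,
# the UDP reject from the message (no SYN token, so a different shape),
# and a made-up refused mount that a defender would want to see.
NEW_LOG = """\
mango rpc.mountd: authenticated mount request from cherry.cs.nyu.edu:702 for /home (/home)
mango kernel: Packet log: input REJECT eth1 PROTO=17 128.105.143.14:41385 128.122.140.61:9618 L=64 S=0x00 I=0 F=0x4000 T=53 (#11)
mango rpc.mountd: refused mount request from 10.0.0.5:1013 for /data (/data)
"""

# A token is split into maximal alpha runs, digit runs and single other chars.
RUN_RE = re.compile(r"[A-Za-z_]+|[0-9]+|.")


def run_kind(run):
    if run.isdigit():
        return "digit"
    if re.fullmatch(r"[A-Za-z_]+", run):
        return "alpha"
    return "punct"


def generalize_column(values):
    """Turn the set of values seen in one token column into a regexp fragment."""
    if len(values) == 1:
        return re.escape(next(iter(values)))
    split = [RUN_RE.findall(v) for v in values]
    shapes = {tuple(run_kind(r) for r in s) for s in split}
    if len(shapes) != 1:
        return r"\S+"  # structurally different tokens: no finer pattern for this column
    out = []
    for i, kind in enumerate(next(iter(shapes))):
        seen = {s[i] for s in split}
        if len(seen) == 1:
            out.append(re.escape(next(iter(seen))))
        elif kind == "digit":
            out.append("[0-9]+")
        elif kind == "alpha":
            out.append("[a-zA-Z_]+")
        else:
            return r"\S+"  # varying punctuation: fall back to a generic token
    return "".join(out)


def learn_patterns(lines):
    """Group lines by (host, program, token count); build one anchored regexp per group."""
    groups = defaultdict(list)
    for line in lines:
        tokens = line.split()
        if len(tokens) >= 2:
            groups[(tokens[0], tokens[1], len(tokens))].append(tokens)
    patterns = []
    for members in groups.values():
        columns = [set(col) for col in zip(*members)]
        body = " ".join(generalize_column(c) for c in columns)
        patterns.append(re.compile("^" + body + "$"))
    return patterns


def classify(line, patterns):
    """Return the learned pattern a line matches, or None for an 'uncommon' entry."""
    normalized = " ".join(line.split())
    for p in patterns:
        if p.match(normalized):
            return p
    return None


def uncommon_entries(lines, patterns):
    """The entries that would be reported to the user."""
    return [l for l in lines if classify(l, patterns) is None]


if __name__ == "__main__":
    learned = learn_patterns(TRAINING_LOG.splitlines())
    for p in learned:
        print(p.pattern)
    for entry in uncommon_entries(NEW_LOG.splitlines(), learned):
        print("UNCOMMON:", entry)
```

Grouping by token count is the main simplification: the UDP reject line carries no `SYN` token, so it lands in a group of its own instead of being absorbed the way the `T=.*` fragment in the message's second pattern absorbs it, and it is reported as uncommon along with the refused mount. That is the usual trade-off in this kind of tool: a tighter generalizer produces more false alarms on benign variants, a looser one (the `.*` in the message's patterns) risks swallowing the entries you actually wanted to see.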