Snort mailing list archives

Re: Any good tool for generating nice reports off a years worth of snort syslog data?

From: Chris Keladis <Chris.Keladis () cmc optus net au>
Date: Thu, 27 Nov 2003 17:13:52 +1100

At 05:04 PM 27/11/2003 +1300, Jason Haar wrote:

Hi Jason,

This has come up before, but I'm specifically interested in running over
Gbytes of syslog files. I've tried a couple of perl-based scripts, but
I've had to kill them when they hit 800M RAM and were still growing...

If your perl-inclined see if you can find the main loop construct thatreads each line of the log.

I'd take a guess that they are using a 'for ()' looping construct whichreads in the entire file and is very wasteful of precious system resources,especially with huge files.

See if you can switch it to a 'while ()' loop instead, which will read thefile line-by-line and be a little more lenient with system resources.

The best solution however is to have log 'slices' that makes the work morepalatable.






Regards,

Chris.



-------------------------------------------------------
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Any good tool for generating nice reports off a years worth of snort syslog data? Jason Haar (Nov 26)
- Re: Any good tool for generating nice reports off a years worth of snort syslog data? Chris Keladis (Dec 03)