Perl's Parse::Syslog module

use Parse::Syslog;

my $parser = Parse::Syslog->new('/var/log/syslog', year => 2001);
while (my $sl = $parser->next) {
    # ... access $sl->{timestamp|host|program|pid|text} ...
}
DESCRIPTION:

Unix syslogs are convenient for humans to read, but small differences between operating systems and things like 'last message repeated xx times' make them not very easy to parse by a script.

Parse::Syslog presents a simple interface to parse syslog files: you create a parser on a file (with new) and call next to get one line at a time, with Unix timestamp, host, program, pid and text returned in a hash-reference.

Constructing a Parser:

new:

 requires as first argument a source from which to get the syslog lines. It can be:
  a file-name for the syslog-file to be parsed.
  an IO::Handle object.
  a File::Tail object, in which case the read method will be called to get lines to process.
After the file-name (or File::Tail object), you can specify options as a hash. The following options are defined:

type:
    System mail or other log files.

year:
Syslog files usually store the time of the event without the year. With this option you can specify the start-year of this log. If not specified, it will be set to the current year.

GMT:
If this option is set, the time in the syslog will be converted assuming it is GMT time instead of local time.

repeat:
Parse::Syslog will by default repeat xx times events that are followed by messages like 'last message repeated xx times'. If you set this option to false, it won't do that.

arrayref:
If this option is true, next will return an array-ref instead of a hash-ref (and is thus a bit faster), with the following contents: 0: timestamp, 1: host, 2: program, 3: pid, 4: text

locale:
Optional. Specifies an additional locale name or an array of locale names for the parsing of log files with national characters.

allow_future:
If true, timestamps in the future are allowed. Otherwise timestamps of one day in the future and more will not be returned (as a safety measure against wrong configurations, bogus --year arguments, etc.).

Parsing the file:
The file is parsed one line at a time by calling the next method, which returns a hash-reference containing the following keys:
timestamp: Unix timestamp for the event.
host: Host-name where the event happened.
program: Program-name of the program that generated the event.
pid: PID of the program that generated the event. This information is not always available for every operating system.
text: Text description of the event.
msgid: Message numeric identifier, available only on Solaris >= 8 with "message ID generation" enabled.
facility: Log facility name, available only on Solaris >= 8 with "message ID generation" enabled.
level: Log level, available only on Solaris >= 8 with "message ID generation" enabled.
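
The script below is an added example, not part of the original post or of the module's own documentation. It uses only the new/next interface and the year and repeat options described above to count failed sshd logins per logging host, once with repeat enabled and once with it disabled. The log lines, host names, addresses and the count_failures helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);
use Parse::Syslog;

# Constructed sample log (not real data): an sshd failure followed by a
# "last message repeated" marker, an unrelated cron line, and one more failure.
my ($fh, $logfile) = tempfile(UNLINK => 1);
print {$fh} <<'EOF';
Mar  3 10:15:01 gw1 sshd[4242]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Mar  3 10:15:09 gw1 last message repeated 4 times
Mar  3 10:16:00 gw1 cron[911]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:17:30 gw2 sshd[77]: Failed password for root from 192.0.2.10 port 51300 ssh2
EOF
close $fh or die "close: $!";

# Hypothetical helper: count failed sshd logins per logging host.
# $repeat is passed straight to the module's repeat option.
sub count_failures {
    my ($file, $repeat) = @_;
    my $parser = Parse::Syslog->new($file, year => 2001, repeat => $repeat);
    my %failures;
    while (my $sl = $parser->next) {
        # program can be missing on lines the module cannot split further
        next unless defined $sl->{program} && $sl->{program} eq 'sshd';
        next unless $sl->{text} =~ /^Failed password/;
        $failures{ $sl->{host} }++;
    }
    return \%failures;
}

# Run the same log through both settings to compare the per-host counts.
for my $repeat (1, 0) {
    my $f = count_failures($logfile, $repeat);
    print "repeat => $repeat\n";
    printf "  %-4s %d failed logins\n", $_, $f->{$_} for sort keys %$f;
}
```

With repeat set to false the marker line is dropped, so a burst of identical failures is counted only once; keep the default when the counts feed a brute-force threshold.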

 

 

 


 

 

 

 

 
