>Analog is a Log Analysis tool. Stephen has devoted a lot of time to
>making it very fast and efficient at its primary task. DNS resolution
>is not a primary task of Analog, indeed Analog doesn't even try to do
>DNS lookups by default, and it won't do a DNS lookup if it can find
>the address already resolved in the DNS cache file.

I agree with what you say, but given it reads the DNS cache file
sequentially and this file can become very large - mine is over 10 M
bytes and I have only analysed 15 days' worth of logs - it strikes me
that some way of doing a pattern match against an ISP address range,
where 1 entry would be the equivalent of 1,000s of single line entries
in a DNS cache, must make the whole thing more efficient....

>There are a number of preprocessing tools that do a better job of DNS
>resolution than Analog does by focussing on that specific task, and
>that's the way it should be.

I sort of agree; to get domain information the raw n.n.n.n IP address
needs to be looked up, and that is part of the analysis of the log
file. I definitely agree though that this is far better found in the
cache or by some other method than doing a DNS lookup from within
Analog.

>jdresolve doesn't generate separate copies of the original log file
>either. Analog reads DNS information out of a DNS cache file, and
>jdresolve (and other similar helpers) create DNS cache files.

Agreed, but they are going to be very inefficient if they produce a
single line for each IP address of the format
host-n-n-n-n-ispname.net, which tends to be what you get.

Regards, Jamie

------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/[email protected]/
------------------------------------------------------------------------
