In an earlier job, I was faced with the need to scan the InterMapper
log and too I was bugged by the log format since I was used to
mainframe log files that were in fixed field format. Then someone told
me that words are my friend and the InterMapper log is nothing but a
collection of words. (Note: words in this sense are blocks of one or
more characters surrounded by any number of spaces. Thus to parse the
log, just scan each entry character by character. Throw away the
spaces and save the printing characters in separate variables (I used
an array)
With the array constructed, item 1 is the date (Note you must add a
year for most other software to work. I got my year from the last
modified date of the file) Item 2 is the time. Item 3 is the entry
type, item 4 is the first word of the message, Etc.
Using this approach I was able to produce a daily list of IP addresses
that accessed the web page by looking for a word 3 that contains http
then recording word 6 as the IP address. (Note: in this case word 5 is
nothing but a - . This is because the definition of word is a ONE or
more printable characters separated by one or more spaces.
There is one more item to note, words also end with an end of line. On
some machines that is a return, on others it is a line feed and on
still others it is both.
And finally: If you are using AppleScript it understands words and
will pick them out for you with a construct like var = word 5 of
logLine
Hope this helps.
- Jerry
------------------------------------------------------------------------
-------------------------
Jerry W. Segers Phone: 770-475-3781
1233 Roper Road Fax: 770-475-6331
Canton, GA 30115` eMail: [EMAIL PROTECTED]
On Dec 20, 2005, at 9:47 PM, Matt Stevens wrote:
Christopher,
The log format docs seem to imply that the individual fields are
contained in quotes. On my system at least that's not the case.
Just using spaces doesn't work too well, as the number of spaces
between fields is variable and the messages in fields also contain
spaces.
--
matt
Christopher L. Sweeney wrote:
At 3:47 PM -0800 12/16/05, Matt Stevens wrote:
Is there a specific format that describes the intermapper log files?
It seems be:
DD/MM HH:MM:SS EVENT DESCRIPTION
But the format isn't too machine friendly. The separator between the
time, event and description appears to be two or more spaces, but the
description field also contains two or more spaces on occasion -
making this a bad record separator.
I'd like to write a script to process the logs and generate a summary
after they're rotated nightly. I know I could write a script that
would be called as a notifier, but then the script would have to
maintain its own state. Much simpler to just use the logs...
You can find a description of the event log here:
http://www.intermapper.com/docs/WebHelp/03-using_intermapper/03-02-
monitoring_your_network/03-02-02-log_windows/logmessages.html --
Christopher
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
