SYNOPSIS:
my $parser = Parse::Syslog->new('/var/log/syslog', year => 2001);
while (my $sl = $parser->next) {
    ... access $sl->{timestamp|host|program|pid|text} ...
}
DESCRIPTION:
Unix syslogs are convenient for humans to read, but small differences between operating systems and things like 'last message repeated xx times' make them hard to parse reliably from a script.
Parse::Syslog presents a simple interface for parsing syslog files: you create a parser on a file (with new) and call next to get one event at a time, with the Unix timestamp, host, program, pid and text returned in a hash reference.
Constructing a Parser:
new:
new requires as its first argument a source from which to read the syslog lines. It can be:
- a file name of the syslog file to be parsed.
- an IO::Handle object.
- a File::Tail object, in which case its read method will be called to get lines to process.
After the file name (or IO::Handle / File::Tail object) you can pass options as a hash. The following options are defined:
type:
The log format to expect: either 'syslog' or 'metalog'. The default is 'syslog'.
year:
Syslog files usually store the time of an event without the year. With this option you can specify the starting year of the log. If not specified, it is set to the current year.
GMT:
If this option is set, the time in the syslog is converted assuming it is GMT rather than local time.
repeat:
By default Parse::Syslog expands messages like 'last message repeated xx times': the preceding event from that host is returned by next xx more times, so a counting script sees every occurrence. If you set this option to false, it will not do that and the 'repeated' line is simply dropped.
arrayref:
If this option is true, next returns an array reference instead of a hash reference (and is thus a bit faster), with the following contents: 0: timestamp, 1: host, 2: program, 3: pid, 4: text.
locale:
Optional. Specifies an additional locale name, or an array of locale names, for parsing log files whose month names or text contain national characters.
allow_future:
If true, timestamps in the future are allowed. Otherwise timestamps one day or more in the future are not returned, as a safety measure against wrong configurations, bogus year arguments, etc. Note that this means events silently disappear from the output if the year option is set too high; check the count of returned events against the file when auditing a log.
Parsing the file:
The file is parsed one line at a time by calling the next method, which returns a hash reference (or an array reference when the arrayref option is set) containing the following keys:
timestamp: Unix timestamp of the event.
host: Host name on which the event happened.
program: Name of the program that generated the event.
pid: PID of the program that generated the event. This information is not available on every operating system.
text: Text description of the event.
msgid: Numeric message identifier, available only on Solaris >= 8 with "message ID generation" enabled.
facility: Log facility name, available only on Solaris >= 8 with "message ID generation" enabled.
level: Log level, available only on Solaris >= 8 with "message ID generation" enabled.
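The following script is an added example, not code from the Parse::Syslog distribution, tying together the constructor options above and the per-event fields returned by next. It counts failed sshd logins per source address, which is exactly the kind of tally that 'last message repeated xx times' lines silently break in naive scripts. The log lines are constructed for illustration, and the script assumes Parse::Syslog is installed from CPAN and that an in-memory filehandle opened on a scalar is accepted as the IO::Handle-style source described under new.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Handle;
use Parse::Syslog;    # CPAN module documented on this page

# Constructed sample log (not a real capture). The timestamps carry no
# year, so year => 2024 is passed to new(). The "last message repeated"
# line is expanded by Parse::Syslog into further copies of the previous
# event from host "bastion".
my $sample = <<'LOG';
Mar  3 08:15:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 54812 ssh2
Mar  3 08:15:03 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 54812 ssh2
Mar  3 08:15:04 bastion last message repeated 3 times
Mar  3 08:16:10 bastion sshd[2240]: Accepted publickey for ops from 198.51.100.5 port 40112 ssh2
Mar  3 08:17:01 bastion CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 08:18:22 bastion sshd[2399]: Failed password for root from 203.0.113.9 port 2222 ssh2
LOG

# Assumption: a filehandle opened on a scalar reference is accepted in
# place of a file name, like any other IO::Handle-style object.
open my $fh, '<', \$sample or die "cannot open in-memory log: $!";

my $parser = Parse::Syslog->new(
    $fh,
    year   => 2024,   # log has no year; pick the one it was written in
    repeat => 1,      # default; expand "last message repeated N times"
    # allow_future stays false: events a day or more past "now" are dropped
);

# Tally failed logins as {ip}{user} => count, and remember the time window.
my (%failed, $first, $last, $events);
while (my $sl = $parser->next) {
    $events++;
    $first //= $sl->{timestamp};
    $last = $sl->{timestamp};

    # program is undefined for lines that carry no "prog[pid]:" prefix
    next unless defined $sl->{program} && $sl->{program} eq 'sshd';

    if ($sl->{text} =~ /^Failed password for (?:invalid user )?(\S+) from (\S+) port \d+/) {
        my ($user, $ip) = ($1, $2);
        $failed{$ip}{$user}++;
    }
}

# Without the repeat expansion the first address would be undercounted,
# because the "repeated 3 times" line carries no program or text itself.
for my $ip (sort keys %failed) {
    my $total = 0;
    $total += $_ for values %{ $failed{$ip} };
    printf "%-15s %3d failed login(s), users: %s\n",
        $ip, $total, join(', ', sort keys %{ $failed{$ip} });
}
printf "%d events between %s and %s\n",
    $events, scalar localtime($first), scalar localtime($last);
```

The event count printed at the end is worth comparing with the number of lines in the input: a difference larger than the expanded repeats means events were discarded, typically by the allow_future safety check when the year option is wrong.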