Personal tools
Navigation
« December 2008 »
Su Mo Tu We Th Fr Sa
123456
78910111213
14151617181920
21222324252627
28293031
 

Entries For: September 2006

2006-09-28

Supporting Times

Filed Under:

Offline Mode/Parsing Timestamps

Supporting working with time, especially for "offline mode" seems important.

One should be able to (painlessly) tell LoGS to be in "offline mode". Offline mode seems to imply at least:

  1. Not using the internal-time
  2. Parse the timestamps on the log messages; use them to set *now*
  3. *LoGS-INTERNAL-TIME-UNITS-PER-SECOND* should be set to the resolution of 1
    (In "online mode", this is the value of INTERNAL-TIME-UNITS-PER-SECOND or 100 under CMUCL).

In order to support this, we introduced the --parse-timestamp, --timestamp-start, and --timestamp-end flags.

--parse-timestamp causes LoGS to not use the internal-time and, instead, to set *now* by parsing the timestamp on the line. I'm not exactly sure what will happen when you parse a syslog file from, say leap day, when this year doesn't have a leap day! LoGS will probably die a flaming death and take you with it!

--timestamp-start causes LoGS to look at this position in the line for the start of the timestamp. This sets the internal variable *timestamp-start*. The default value of *timestamp-start* is 0.

--timestamp-end causes LoGS to use this position in the line for the end of the timestamp. This sets the internal variable *timestamp-end*. The default value of *timestamp-end* is 15.

Time formats:


Right now, LoGS understands only the standard syslog time format. This format is:
Mon Dt HH:MM:SS
eg:
Jun 9 12:34:56

2006-09-21

weblogentry.2006-09-25.6191089007

Working with Time

Filed Under:

LoGS needs to be able to talk about times easily, at times.

There are several times when I would like to be able to specify times that things should happen in LoGS. I guess that what I'm after is somewhat like a "calendar event" in SEC.

LoGS, of course, already has facilities for doing things at certain times. The problem is that these times have to be specified in *LoGS-INTERNAL-TIME-UNITS-PER-SECOND* since the start of the Lisp process; isn't that convienant?!

What we would like to be able to say is something like: "write me a report on all the invalid ssh connections AT MIDNIGHT" or "... AT 12:01 PM"

While CMUCL has facilities for parsing dates that seem rather robust, these facilities are not portable. I found that Gene Michael Stover has created a library (I'm not quite sure of its name exactly!) that can be found here: http://cybertiggyr.com/gene/pdl/

I've started to do a little work to make this library support the date formats that I would like to see (such as a simple "12:34:56" to mean 12:34:56 AM today and "12:34:56 tomorrow" to mean, obviously, 12:34:56 AM tomorrow). These are the sorts of times I want to be able to use in my LoGS rulesets.

I've submitted a patch to Mr. Stover to support a couple of these formats. I hope that he will accept them so that I don't have to maintain a bunch of time parsing stuff inside of LoGS.

LoGS 0.1.2 released 9/22/2006

Filed Under:

LoGS 0.1.2 released

LoGS 0.1.2 was released yesterday. For the first time, the tarballs are available on savannah.nongnu.org!
Powered by Plone CMS, the Open Source Content Management System

This site conforms to the following standards: