Vandana
I am trying to write a Perl program for analysing Sys Logs generated by
Unix, Windows and Cisco firewalls.
These logs come into a centralised database and there are like 100s of
messages per hour. I am trying to write a script which will separate
messages which are critical for the System Administrator and analyse them.
For this purpose I am starting with an initial database where I collected
messages which are critical. Now I am trying to identify the messages as
they come and decide whether I have seen them earlier or not.
Example:
My Error message looks something like this:
39212:Tue Dec 30 10:11:55 2003: (1030) - Windows cannot
query for the list of Group Policy objects. A message that describes the
reason for this was previously logged by the policy engine.";
and I want to check whether this message has
"query for the list of Group Policy objects"
Please can you suggest what is the best way to do something like this in
Perl.
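
One way to do the check asked about above, as an added example that is not part of the original post: strip the sequence number and timestamp, then compare the message text against known critical phrases with a literal substring test. The names `normalise`, `match_critical` and `@critical_phrases`, the second phrase and the second sample line are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed list; in practice this is loaded from the database of
# known critical messages.
my @critical_phrases = (
    'query for the list of Group Policy objects',
    'authentication failure',
);

# Remove the leading "<id>:<timestamp>: (<event id>) - " so only the message
# text is compared. Whitespace is collapsed first because long messages
# may arrive wrapped across several lines.
sub normalise {
    my ($line) = @_;
    $line =~ s/\s+/ /g;
    $line =~ s/^ ?\d+:\w{3} \w{3} \d{1,2} \d\d:\d\d:\d\d \d{4}: ?(?:\(\d+\) ?- ?)?//;
    return $line;
}

# Return the first known phrase found in the line, or undef if none match.
# index() compares literally, so characters such as ( ) . * in a stored
# phrase are not treated as regex syntax (the regex equivalent is /\Q$phrase\E/i).
sub match_critical {
    my ($line) = @_;
    my $text = lc normalise($line);
    for my $phrase (@critical_phrases) {
        return $phrase if index($text, lc $phrase) >= 0;
    }
    return;
}

# Constructed sample input: the message from the post (wrapped over two
# lines) and one routine message that should not match.
my @sample = (
    "39212:Tue Dec 30 10:11:55 2003: (1030) - Windows cannot\n"
      . "query for the list of Group Policy objects. A message that describes the",
    "39213:Tue Dec 30 10:12:01 2003: (9999) - Constructed routine message.",
);

my %seen_count;    # how often each critical phrase has been seen so far
for my $line (@sample) {
    if (defined(my $phrase = match_critical($line))) {
        $seen_count{$phrase}++;
        print "CRITICAL [$phrase] seen $seen_count{$phrase}x: ", normalise($line), "\n";
    }
    else {
        print "unmatched: ", normalise($line), "\n";
    }
}
```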