in reply to Re: adaptive syslog message parsing
in thread adaptive syslog message parsing

I probably do want to use a regular expression. :) Unfortunately, that wasn't the part of the project I was having difficulty with.

Where I'm stumped is trying to aggregate all messages of the same type (which requires the code to figure out which parts of the line are varying). That part you haven't touched upon in your reply (but you did save me the work of writing the hash-building loop, albeit the easy part). Thanks so far.

Re^3: adaptive syslog message parsing
by AK108 (Friar) on Jun 06, 2007 at 23:56 UTC
    Yes, I used an HoHoH. The first dimension is the system, the second is the program (what I called the subsystem), and the third dimension is the message. The value of the third dimension gets the counts.

    Were you wanting something different than that? An array containing hashrefs might be an option, as it would preserve the initial order. Alternately, you could use a hash for each message string, and then have each value of that be an array, with each item representing a given instance of that message. There are lots of ways to implement this, data structure-wise, and it's usually easy to transform between them.

    Also, you might be interested in trying to parse out any dates, times, computer names, IP addresses, or anything else relevant to build a context for each message. You can also throw a while(1) {...} loop around it to continually read from the file (once you add the code to open/read/close, that is).
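
The following is an added example, not code posted by anyone in this thread. It combines the system/program/message hash-of-hashes described above with the suggestion to parse out IP addresses and similar fields, so that lines differing only in those fields are counted as one message type. Masking a fixed set of token classes is an assumption standing in for true detection of the varying parts; the sample lines are constructed, and `template_of` and `aggregate` are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in classic BSD syslog layout (not from the thread).
my @lines = (
    'Jun  6 23:01:12 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 40022 ssh2',
    'Jun  6 23:01:15 web01 sshd[2213]: Failed password for root from 192.0.2.77 port 51514 ssh2',
    'Jun  6 23:02:40 web01 sshd[2290]: Accepted publickey for deploy from 198.51.100.4 port 50122 ssh2',
    'Jun  6 23:03:01 db01 CRON[991]: (root) CMD (/usr/local/bin/backup.sh)',
    'Jun  6 23:04:01 db01 CRON[1004]: (root) CMD (/usr/local/bin/backup.sh)',
    'Jun  6 23:05:09 db01 kernel: eth0: link up, 1000 Mbps',
);

# Replace fields that usually vary between instances of one message type.
# Order matters: IPv4 addresses must be masked before bare integers.
sub template_of {
    my ($msg) = @_;
    $msg =~ s/\b\d{1,3}(?:\.\d{1,3}){3}\b/<IP>/g;
    $msg =~ s/\b0x[0-9a-fA-F]+\b/<HEX>/g;
    $msg =~ s/\b\d+\b/<NUM>/g;
    return $msg;
}

# Returns the HoHoH: $count{system}{program}{template} = occurrences.
sub aggregate {
    my %count;
    for my $line (@_) {
        # timestamp, host, program, optional [pid], message
        my ($host, $prog, $msg) = $line =~
            /^\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)\s+([^\s:\[]+)(?:\[\d+\])?:\s*(.*)$/
            or next;    # skip lines that are not in the expected layout
        $count{$host}{$prog}{ template_of($msg) }++;
    }
    return \%count;
}

my $count = aggregate(@lines);
for my $host (sort keys %$count) {
    for my $prog (sort keys %{ $count->{$host} }) {
        my $by_msg = $count->{$host}{$prog};
        for my $tmpl (sort { $by_msg->{$b} <=> $by_msg->{$a} || $a cmp $b } keys %$by_msg) {
            printf "%-6s %-7s %3d  %s\n", $host, $prog, $by_msg->{$tmpl}, $tmpl;
        }
    }
}
```

Usernames and other free-text fields are not masked, so "for root" and "for deploy" remain separate templates; lines that do not match the expected layout are skipped rather than counted.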