Binary Log Files
Sometimes it's not that easy writing programs to deal with log files. Instead of nice, easily parseable text lines, some logging mechanisms produce nasty, gnarly binary files with proprietary formats that can't be parsed with a single line of Perl. Luckily, Perl isn't afraid of these miscreants. Let's look at a few approaches we can take when dealing with these files. We're going to look at two different examples of binary logs: Unix's wtmp file and NT/2000's event logs.
Back in Chapter 3, we touched briefly on the notion of logging in and logging out of a Unix host. Login and logout activity is tracked in a file called wtmp on most Unix variants. It is common to check this file whenever there is a question about a user's connection habits (e.g., from what hosts does this person usually log in?).
On NT/2000, the event logs play a more generalized role. They are used as a central clearinghouse for logging practically all activity that takes place on these machines, including login and logout activity, OS messages, security events, etc. Their role is analogous to the Unix syslog service we mentioned earlier.
Using unpack()
Perl has a function called unpack() especially designed to parse binary and structured data. Let's take a look at how we might use it to deal with the wtmp files. The format of wtmp differs from Unix variant to Unix variant. For this specific example we'll look at the wtmp files found on SunOS 4.1.4 and Digital Unix 4.0 because they are pretty ...
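Here is an added example (not the book's code) of the unpack() approach: it walks a buffer of fixed-size wtmp-style records and answers the "from what hosts does this user log in?" question. The record layout (line, user, host, 32-bit time) and the sample records built with pack() are assumptions constructed for the example; a real wtmp layout must be taken from the target system's <utmp.h>.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed record layout (hypothetical, modelled on a classic BSD-style
# wtmp): line[8], user[8], host[16], time (32-bit little-endian signed).
# Real wtmp layouts differ per Unix variant; check <utmp.h> on the target.
my $template   = "A8 A8 A16 l<";
my $recordsize = length(pack($template, "", "", "", 0));   # 36 bytes

# Constructed sample log, written with pack() so the example runs offline.
# An empty user field marks a logout on that line.
my $wtmp = join "", map { pack($template, @$_) } (
    [ "ttyp0", "alice", "host-a.example", 1000 ],
    [ "ttyp1", "bob",   "host-b.example", 1100 ],
    [ "ttyp0", "",      "",               1200 ],   # alice logs out
    [ "ttyp0", "alice", "host-c.example", 1300 ],   # alice, new host
);

# Walk the buffer one fixed-size record at a time, exactly as you would
# after read($fh, $buf, $recordsize) on a real wtmp file.
my (%active, %hosts);
for (my $off = 0; $off + $recordsize <= length $wtmp; $off += $recordsize) {
    my ($line, $user, $host, $time) =
        unpack($template, substr($wtmp, $off, $recordsize));
    if ($user eq "") {                     # logout record for this line
        my $who = delete $active{$line} or next;
        printf "%s logged out of %s at %d\n", $who, $line, $time;
    } else {                               # login record
        $active{$line} = $user;
        $hosts{$user}{$host}++;
        printf "%s logged in on %s from %s at %d\n",
               $user, $line, $host, $time;
    }
}

# Summarize per-user login hosts, the question the text poses.
for my $user (sort keys %hosts) {
    print "$user: ",
          join(", ", map { "$_ ($hosts{$user}{$_})" }
                         sort keys %{ $hosts{$user} }), "\n";
}
```

A host that appears once for a user who otherwise always logs in from the same place is the kind of anomaly this summary is meant to surface.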