[Snort-users] Any good tool for generating nice reports off a years worth of snort syslog data?

Chris Keladis Chris.Keladis at ...6400...
Wed Dec 3 08:42:09 EST 2003


At 05:04 PM 27/11/2003 +1300, Jason Haar wrote:

Hi Jason,

>This has come up before, but I'm specifically interested in running over
>Gbytes of syslog files. I've tried a couple of perl-based scripts, but
>I've had to kill them when they hit 800M RAM and were still growing...

If you're perl-inclined, see if you can find the main loop construct that 
reads each line of the log.

I'd take a guess that they are using a 'for ()' looping construct, which 
reads in the entire file and is very wasteful of precious system resources, 
especially with huge files.

See if you can switch it to a 'while ()' loop instead, which will read the 
file line-by-line and be a little more lenient with system resources.

The best solution however is to have log 'slices' that make the work more 
palatable.

Regards,

Chris. 
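
As an added illustration of the while() advice above (this is example code, not something from the thread or the Snort project), here is a streaming summariser for Snort syslog alerts. The alert line layout it matches is the Snort 2.x syslog format as I recall it and is an assumption, as are the constructed sample lines; it reads each file one line at a time, so resident memory stays flat however many gigabytes are fed in.

```perl
# Added example (not from the thread): stream Snort syslog with while() and
# aggregate alerts without ever holding the whole file in memory.
use strict;
use warnings;
# Assumed Snort 2.x syslog alert layout (constructed for this example):
#  host snort[pid]: [gen:sid:rev] msg [Classification: c] [Priority: p]: {PROTO} src:port -> dst:port
my $alert_re = qr{
    snort\[\d+\]:\s*\[(\d+:\d+:\d+)\]\s*    # 1 generator:sid:rev
    (.*?)\s*                                 # 2 signature message
    (?:\[Classification:\s*[^\]]*\]\s*)?     #   optional classification (not kept)
    \[Priority:\s*(\d+)\]:\s*                # 3 priority
    \{\w+\}\s*                               #   protocol (not kept)
    (\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*->\s*    # 4 source IP; port absent for ICMP
    \d+\.\d+\.\d+\.\d+(?::\d+)?\s*$          #   destination (not kept)
}x;
# One line per iteration, so memory stays flat however large the file is;
# a for() over <$fh> would first expand the whole file into a list.
sub summarise {
    my ($fh, $r) = @_;
    while (my $line = <$fh>) {
        $r->{lines}++;
        next unless $line =~ $alert_re;
        my ($id, $msg, $prio, $src) = ($1, $2, $3, $4);
        $r->{alerts}++;
        $r->{by_sig}{"[$id] $msg"}++;
        $r->{by_prio}{$prio}++;
        $r->{by_src}{$src}++;
    }
    return $r;
}
sub report {
    my ($r) = @_;
    printf "%d lines scanned, %d alerts\n", $r->{lines}, $r->{alerts};
    printf "  priority %s: %d\n", $_, $r->{by_prio}{$_} for sort keys %{ $r->{by_prio} };
    printf "  %6d  %s\n", $r->{by_sig}{$_}, $_
        for sort { $r->{by_sig}{$b} <=> $r->{by_sig}{$a} } keys %{ $r->{by_sig} };
}
# Usage: snort_summary.pl alert.log.1 alert.log.2 ...  (daily slices, read in turn).
# With no arguments a constructed three-line sample is read so it runs offline.
my $sample = <<'END';
Dec  1 10:02:11 ids1 snort[4321]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 10.0.0.5:1434 -> 10.0.1.9:1434
Dec  1 10:03:40 ids1 snort[4321]: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.7 -> 10.0.1.1
Dec  1 10:04:00 ids1 sshd[99]: Accepted publickey for ops from 10.0.0.2
END
my %totals = (lines => 0, alerts => 0);
my @inputs = @ARGV ? @ARGV : (\$sample);   # a scalar ref opens as an in-memory file
for my $in (@inputs) {
    open my $fh, '<', $in or die "cannot open $in: $!";
    summarise($fh, \%totals);
    close $fh;
}
report(\%totals);
```

Because the counters are the only thing kept, the same %totals can be carried across several daily slices in one run, which is the "slices" approach from the message in practice.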