[Snort-users] Any good tool for generating nice reports off a years worth of snort syslog data?
Chris.Keladis at ...6400...
Wed Dec 3 08:42:09 EST 2003
At 05:04 PM 27/11/2003 +1300, Jason Haar wrote:
>This has come up before, but I'm specifically interested in running over
>Gbytes of syslog files. I've tried a couple of perl-based scripts, but
>I've had to kill them when they hit 800M RAM and were still growing...

If you're Perl-inclined, see if you can find the main loop construct that
reads each line of the log.

I'd take a guess that they are using a 'for ()' looping construct, which
reads in the entire file and is very wasteful of precious system resources,
especially with huge files.

See if you can switch it to a 'while ()' loop instead, which will read the
file line-by-line and be a little more lenient with system resources.

The best solution, however, is to have log 'slices' that make the work more
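
The line-by-line approach suggested in the reply above, as an added example that is not part of the original post or any script the thread refers to: a Perl summarizer that counts Snort alerts per signature using a `while` loop over the file handle, so memory grows with the number of distinct signatures rather than with file size. The `summarize` helper, the assumed syslog alert layout, and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Count Snort alerts per signature while holding one log line in memory.
# 'for (<$fh>)' evaluates the handle in list context and loads every line
# before the first iteration; 'while (<$fh>)' reads one line per pass.
sub summarize {
    my ($fh) = @_;
    my (%count, %msg);
    while (my $line = <$fh>) {
        # Assumed layout: "... snort[pid]: [gid:sid:rev] message [Classification: ...] ..."
        next unless $line =~ /snort(?:\[\d+\])?:\s+\[(\d+:\d+:\d+)\]\s+(.*?)\s+(?:\[Classification:|\[Priority:|\{)/;
        $count{$1}++;
        $msg{$1} //= $2;    # keep the first message text seen for this signature
    }
    return (\%count, \%msg);
}

# Constructed sample lines (documentation IP ranges, local-range SIDs).
my $sample = <<'LOG';
Dec  3 08:40:01 sensor1 snort[412]: [1:1000001:1] Constructed rule A [Classification: Misc activity] [Priority: 3]: {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
Dec  3 08:40:02 sensor1 snort[412]: [1:1000002:2] Constructed rule B [Priority: 2]: {UDP} 192.0.2.11:1025 -> 198.51.100.5:53
Dec  3 08:40:03 sensor1 sshd[900]: unrelated syslog line that must be skipped
Dec  3 08:40:04 sensor1 snort[412]: [1:1000001:1] Constructed rule A [Classification: Misc activity] [Priority: 3]: {TCP} 192.0.2.12:40001 -> 198.51.100.5:80
LOG

# Read the file named on the command line, or the embedded sample if none is given.
my $fh;
if (@ARGV) {
    open($fh, '<', $ARGV[0]) or die "open $ARGV[0]: $!";
} else {
    open($fh, '<', \$sample) or die "open sample: $!";
}

my ($count, $msg) = summarize($fh);
close $fh;

# Most frequent signatures first; ties broken by signature id.
for my $sig (sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count) {
    printf "%6d  %-14s %s\n", $count->{$sig}, $sig, $msg->{$sig};
}
```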