背景需求:
1、日志服务器收集网络设备发送过来的日志,保存在/var/log/devlog文件中,单条日志消息内容如下:
|
Apr 27 22:41:28 1.1.1.1 2009 sysname %%10L2INF/5/PORT LINK STATUS CHANGE(l): Ethernet2/3: turns into UP state |
2、日志文件不间断地增长。
工作原理:
使用“cat file | wc - l”来计算日志文件是否更新,使用“tail –n /var/log/devlog”来获取更新内容,最后使用正则表达式分析日志内容
代码:
|
$line_of_devlog = `cat /var/log/devlog | wc -l`+0;
$old_lod = $line_of_devlog;
while(1){
$new_lod = `cat /var/log/devlog | wc -l`+0;
if($new_lod > $old_lod){
$lines = $new_lod - $old_lod;
$old_lod = $new_lod;
open(LOG,"tail -$lines /var/log/devlog |");
foreach(<LOG>)
{
#Quidway S3552F
if(/(.+) (.+) (.+) (.+) (.+) (.+) (.+)\/(\d)\/(.+):(.+)/){
#insert details of this log into database
$digest = quotemeta($9);
$content = quotemeta($10);
$dbh->do("insert into logs values('$5','$1','$2','$3','$4','$6','$7','$8','$digest','$content')");
}
else{
#不能匹配的日志格式
print "#error#$_"
}
}
}
}
|
阅读(416) | 评论(0) | 转发(0) |
