UUCP LOGFILE analyzer
Mike Wexler
mike at peregrine.UUCP
Tue Oct 1 06:41:51 AEST 1985
Here is a modification of the LOGFILE analyzer that
was recently posted. It works on System V now. I am also
included an awk script that gives some useful statistics on the SYSLOG file
and a shell script that will run both of them.
------------------------------Cut here-----------------------------------------
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
# stats
# logfile.awk
# syslog.awk
# This archive created: Mon Sep 30 13:27:21 1985
export PATH; PATH=/bin:$PATH
if test -f 'stats'
then
echo shar: will not over-write existing file "'stats'"
else
cat << \SHAR_EOF > 'stats'
#!/bin/sh
# stats - driver for logfile.awk and syslog.awk
#
# USAGE
# stats
#
#
# Somehow, compress waits until nobody is using the file before it
# compresses it. This is nice and convenient.
#
#
# AUTHOR
# David Herron (NPR lover)
# cbosgd!ukma!david
# University of Kentucky, Computer Science
#
# Changes:
# 1. Took out ignore capability(if you want it put it back in)
# 2. Made compatible with System V release I
#
# EDITOR
# Michael Wexler
# trwrb!felix!peregrine!mike
# Peregrine Systems, Inc
#
tag=$$
cd /usr/spool/uucp
cp LOGFILE /tmp/LOGFILE.$tag
awk -f logfile.awk /tmp/LOGFILE.$tag
cp SYSLOG /tmp/SYSLOG.$tag
awk -f syslog.awk /tmp/SYSLOG.$tag
rm /tmp/LOGFILE.$tag
rm /tmp/SYSLOG.$tag
SHAR_EOF
chmod +x 'stats'
fi # end of overwriting check
if test -f 'logfile.awk'
then
echo shar: will not over-write existing file "'logfile.awk'"
else
cat << \SHAR_EOF > 'logfile.awk'
# logfile.awk -- read a uucp LOGFILE and find out how long
# we spent talking to particular places. (Also, remembers if
# the time spent was our call or their call).
#
# This is nice for: 1) Knowing when you made long distance
# calls and where to, 2) knowing how much of the load between
# you and some sites you're carrying.
#
#
# This works with the UUCP log file format produced by the
# uucp delivered with BRL Release 3. (i.e. 4.2BSD, i.e. that
# *extremely* hacked up conglomeration of uucp's that prompted
# the writing of honey-danber).
#
#
# USAGE
# awk -f logfile.awk /usr/spool/uucp/LOGFILE
#
# Actually -- I would suggest saving LOGFILE somewhere and make
# sure uucico is no longer writing to it. This way you're sure
# that the data generated is valid. What I do here is:
#
# set `date`
# tag=$2.$7
# cd /usr/spool/uucp
# mv LOGFILE OLD/LOGFILE.${tag}
# compress OLD/LOGFILE.${tag}
# uncompress OLD/LOGFILE.${tag}
# awk -f /usr/lib/uucp/logfile.awk OLD/LOGFILE.${tag}
#
# Somehow, compress waits until nobody is using the file before it
# compresses it. This is nice and convenient.
#
#
# AUTHOR
# David Herron (NPR lover)
# cbosgd!ukma!david
# University of Kentucky, Computer Science
#
# Changes:
# 1. Took out ignore capability(if you want it put it back in)
# 2. Made compatible with System V release I
#
# EDITOR
# Michael Wexler
# trwrb!felix!peregrine!mike
# Peregrine Systems, Inc
#
BEGIN {
# states
idle = 0; calling = 1; uscall = 2; themcall = 3;
true = 1; false = 0
}
# We're calling some place, and the call part has actually worked.
# 1) Record their name in the master list.
# 2) Remember that we're placing the call.
$1 ~ /.*!.*/ {
n = split($1,a,"!");
user=a[2];
sys=substr(a[1],1,6);
time=$2
status=$4
event=$5
}
$1 !~ /.*!.*/ {
user=$1
sys=substr($2,1,6)
time=$3
status=$4
event=$5
}
status == "SUCCEEDED" && event == "(call" {
state[sys] = calling
}
# A call succeeded. Either they called us or we called them.
# state[sys] tells us who is doing the calling.
# Have to remember the time.
status == "OK" && event == "(startup)" {
startime[sys] = time
if (state[sys] == calling) {
printf("call\tout\t%s\t%s\n", sys, time)
state[sys] = uscall
}
else {
printf("call\tin\t%s\t%s\n", sys, time)
state[sys] = themcall
}
}
# Our outgoing call failed. Throw away our information about the call.
status == "TIMEOUT" {
state[sys] = idle
}
# A call finished either successfully or unsuccessfully.
# Have to add in the time to the appropriate sum.
#
# It would be "hard" to calculate the time correctly. So, I'm using
# a heuristic here to make it easy. I assume that no phone call is
# going to last for longer than 1 day. I calculate the time
# for the ending and beginning of the call, and if it's negative
# I add 24 hours to it.
#
# I know ... groady to the max, buuut...
(status == "OK" || status == "FAILED") && event == "(conversation" {
printf("done\t(%s)\t%s\t%s\n", status, sys, time)
interval = 0
# get time spent into "interval"
# Time format is: "(mon/day-hr:min-pid)"
n = split(time, nn, "-")
n = split(nn[2], hrmin, ":")
tend = (hrmin[1]*60) + hrmin[2]
n = split(startime[sys], nn, "-")
n = split(nn[2], hrmin, ":")
tbeg = (hrmin[1]*60) + hrmin[2]
interval = tend - tbeg
if (interval < 0)
interval += (24*60)
if (state[sys] == uscall)
ourtime[sys] += interval
else
theirtime[sys] += interval
}
# All that's left to do now is to feed the chickens and go home
END {
for (i in ourtime)
printf("%s -- ourtime = %d\ttheirtime = %d\n", \
i, ourtime[i], theirtime[i])
}
SHAR_EOF
fi # end of overwriting check
if test -f 'syslog.awk'
then
echo shar: will not over-write existing file "'syslog.awk'"
else
cat << \SHAR_EOF > 'syslog.awk'
# syslog.awk -- read a uucp SYSLOG and find out how much
# stuff is transferred and how long it took
#
# This works With System V release I and 4.2BSD
#
# USAGE
# awk -f syslog.awk /usr/spool/uucp/LOGFILE
#
# AUTHOR
# Michael Wexler
# trwrb!felix!peregrine!mike
# Peregrine Systems, Inc
#
$1 ~ /.*!.*/ {
n=split($1,a,"!");
sys=a[1]
}
$1 !~ /.*!.*/ {
sys=$2
}
{
bytes[substr(sys,1,6)] += $7;
time[substr(sys,1,6)] += $9;
}
END {
for (sys in bytes)
{
print sys, " Transferred ",bytes[sys]," bytes in ",time[sys]," seconds"
print " For an average speed of ",bytes[sys]/time[sys]," bytes/sec"
}
}
SHAR_EOF
fi # end of overwriting check
# End of shell archive
exit 0
--
Mike(always a dreamer) Wexler
15530 Rockfield, Building C
Irvine, Ca 92718
(714)855-3923
(trwrb|scgvaxd)!felix!peregrine!mike
More information about the Comp.sources.unix
mailing list