UUCP LOGFILE analyzer

Mike Wexler mike at peregrine.UUCP
Tue Oct 1 06:41:51 AEST 1985 

Here is a modification of the LOGFILE analyzer that
was recently posted. It works on System V now.  I am also
included an awk  script that gives some useful statistics on the SYSLOG file
and a shell script that will run both of them.
------------------------------Cut here-----------------------------------------
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
#	stats
#	logfile.awk
#	syslog.awk
# This archive created: Mon Sep 30 13:27:21 1985
export PATH; PATH=/bin:$PATH
if test -f 'stats'
then
	echo shar: will not over-write existing file "'stats'"
else
cat << \SHAR_EOF > 'stats'
#!/bin/sh
# stats - driver for logfile.awk and syslog.awk
# 
# USAGE
#	stats
#
#
# Somehow, compress waits until nobody is using the file before it
# compresses it.  This is nice and convenient.
#
#
# AUTHOR
#	David Herron (NPR lover)
#	cbosgd!ukma!david
#	University of Kentucky, Computer Science
#
# Changes:
#	1. Took out ignore capability(if you want it put it back in)
#	2. Made compatible with System V release I
#
# EDITOR
#	Michael Wexler
#	trwrb!felix!peregrine!mike
#	Peregrine Systems, Inc
#
tag=$$
cd /usr/spool/uucp
cp LOGFILE /tmp/LOGFILE.$tag
awk -f logfile.awk /tmp/LOGFILE.$tag
cp SYSLOG /tmp/SYSLOG.$tag
awk -f syslog.awk /tmp/SYSLOG.$tag
rm /tmp/LOGFILE.$tag
rm /tmp/SYSLOG.$tag
SHAR_EOF
chmod +x 'stats'
fi # end of overwriting check
if test -f 'logfile.awk'
then
	echo shar: will not over-write existing file "'logfile.awk'"
else
cat << \SHAR_EOF > 'logfile.awk'
# logfile.awk -- read a uucp LOGFILE and find out how long
# we spent talking to particular places.  (Also, remembers if
# the time spent was our call or their call).
#
# This is nice for: 1) Knowing when you made long distance
# calls and where to, 2) knowing how much of the load between
# you and some sites you're carrying.
#
#
# This works with the UUCP log file format produced by the
# uucp delivered with BRL Release 3.  (i.e. 4.2BSD, i.e. that
# *extremely* hacked up conglomeration of uucp's that prompted
# the writing of honey-danber). 
#
#
# USAGE
#	awk -f logfile.awk /usr/spool/uucp/LOGFILE
#
# Actually -- I would suggest saving LOGFILE somewhere and make
# sure uucico is no longer writing to it.  This way you're sure
# that the data generated is valid.  What I do here is:
#
#	set `date`
#	tag=$2.$7
#	cd /usr/spool/uucp
#	mv LOGFILE OLD/LOGFILE.${tag}
#	compress OLD/LOGFILE.${tag}
#	uncompress OLD/LOGFILE.${tag}
#	awk -f /usr/lib/uucp/logfile.awk OLD/LOGFILE.${tag}
#
# Somehow, compress waits until nobody is using the file before it
# compresses it.  This is nice and convenient.
#
#
# AUTHOR
#	David Herron (NPR lover)
#	cbosgd!ukma!david
#	University of Kentucky, Computer Science
#
# Changes:
#	1. Took out ignore capability(if you want it put it back in)
#	2. Made compatible with System V release I
#
# EDITOR
#	Michael Wexler
#	trwrb!felix!peregrine!mike
#	Peregrine Systems, Inc
#
BEGIN	{
	# states
	idle = 0; calling = 1; uscall = 2; themcall = 3;
	true = 1; false = 0
	}

# We're calling some place, and the call part has actually worked.
# 1) Record their name in the master list.
# 2) Remember that we're placing the call.

$1 ~ /.*!.*/	{
		n = split($1,a,"!");
		user=a[2];
		sys=substr(a[1],1,6);
		time=$2
		status=$4
		event=$5
	}
$1 !~ /.*!.*/	{
	user=$1
	sys=substr($2,1,6)
	time=$3
	status=$4
	event=$5
}
status == "SUCCEEDED" && event == "(call" {
	state[sys] = calling
}

# A call succeeded.  Either they called us or we called them.
# state[sys] tells us who is doing the calling.
# Have to remember the time.

status == "OK" && event == "(startup)" {
	startime[sys] = time
	if (state[sys] == calling) {
		printf("call\tout\t%s\t%s\n", sys, time)
		state[sys] = uscall
	}
	else {
		printf("call\tin\t%s\t%s\n", sys, time)
		state[sys] = themcall
	}
}


# Our outgoing call failed.  Throw away our information about the call.

status == "TIMEOUT" {
	state[sys] = idle
	}

# A call finished either successfully or unsuccessfully.
# Have to add in the time to the appropriate sum.
#
# It would be "hard" to calculate the time correctly.  So, I'm using
# a heuristic here to make it easy.  I assume that no phone call is
# going to last for longer than 1 day.  I calculate the time
# for the ending and beginning of the call, and if it's negative
# I add 24 hours to it.
#
# I know ... groady to the max, buuut...

(status == "OK" || status == "FAILED") && event == "(conversation" {
	printf("done\t(%s)\t%s\t%s\n", status, sys, time)
	interval = 0
	# get time spent into "interval"
	# Time format is: "(mon/day-hr:min-pid)"
	n = split(time, nn, "-")
	n = split(nn[2], hrmin, ":")
	tend = (hrmin[1]*60) + hrmin[2]
	n = split(startime[sys], nn, "-")
	n = split(nn[2], hrmin, ":")
	tbeg = (hrmin[1]*60) + hrmin[2]

	interval = tend - tbeg
	if (interval < 0)
		interval += (24*60)

	if (state[sys] == uscall)
		ourtime[sys] += interval
	else
		theirtime[sys] += interval
	}

# All that's left to do now is to feed the chickens and go home

END	{
	for (i in ourtime)
		printf("%s -- ourtime = %d\ttheirtime = %d\n", \
			i, ourtime[i], theirtime[i])
	}


SHAR_EOF
fi # end of overwriting check
if test -f 'syslog.awk'
then
	echo shar: will not over-write existing file "'syslog.awk'"
else
cat << \SHAR_EOF > 'syslog.awk'
# syslog.awk -- read a uucp SYSLOG and find out how much
# stuff is transferred and how long it took
#
# This works With System V release I and 4.2BSD
#
# USAGE
#	awk -f syslog.awk /usr/spool/uucp/LOGFILE
#
# AUTHOR
#	Michael Wexler
#	trwrb!felix!peregrine!mike
#	Peregrine Systems, Inc
#
$1 ~ /.*!.*/	{
	n=split($1,a,"!");
	sys=a[1]
}
$1 !~ /.*!.*/	{
	sys=$2
}
{
	bytes[substr(sys,1,6)] += $7; 
	time[substr(sys,1,6)] += $9;
}
END	{
	for (sys in bytes)
	{
	print sys, "	Transferred ",bytes[sys]," bytes in ",time[sys]," seconds"
	print "	For an average speed of ",bytes[sys]/time[sys]," bytes/sec"
	}
}
SHAR_EOF
fi # end of overwriting check
#	End of shell archive
exit 0



-- 
Mike(always a dreamer) Wexler
15530 Rockfield, Building C
Irvine, Ca 92718
(714)855-3923
(trwrb|scgvaxd)!felix!peregrine!mike

More information about the Comp.sources.unix mailing list