Name

switchlog — distribute messages from Kernun log according to message id and proxy name

Synopsis

switchlog [ { -v | -V } [lines] ] cfgfile [logfile]

Description

The switchlog program reads a log file in the Kernun log format from the standard input or from the file specified by the logfile parameter. Individual messages are then written to different output files or sent to other programs through pipes, according to the configuration file cfgfile.

Options

{-v|-V} [lines]

While reading the log, report how many lines have been processed (-v prints a sequence of messages, -V rewrites the same message using backspace characters). The lines parameter is the number of lines after which a message is generated (if not present, a message is printed after every 10000 lines).

cfgfile

Name of the configuration file.

logfile

Log file to be processed. If not present, the standard input is read.

Syntax of Configuration File

Empty lines and lines beginning with '#' are ignored.

out out_id [!]>file

Messages written to output id out_id will be appended to file. If the !> form is used, the output will be flushed after each line.

out out_id [!]|program [args...]

Messages written to output id out_id will be processed by program. The program will be run only once and messages will be passed to its standard input via a pipe. If the !| form is used, the output will be flushed after each line.

log_id altname out_id

Messages with a matching log id and proxy name will be sent to output id out_id. The value of log_id can be a log id (e.g., TCPP-202), the word unknown (matching messages whose log id is not present in switchlog's hash table), or the word default. The value of altname is either a proxy name or '*', meaning any.

Matching

The log id and altname are extracted from each message read from the input file. The log id is then looked up in a hash table compiled into switchlog. If the id is found in the table, the configuration lines with the corresponding log_id are searched for a matching proxy name (which can also be '*', meaning any). If the id is not found, lines beginning with unknown are searched for altname. If no matching (log id, proxy name) pair has been found so far, lines beginning with default are searched for the proxy name. Finally, if a matching configuration line is found, the message is sent to the output id specified in that line. Otherwise, the message is ignored.
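
The lookup order described above, as an added Python example (not part of the Kernun distribution): it parses a configuration in the syntax from this page and reports which out_id a given log id and altname pair would reach, plus rules that name an out_id never declared by an out line. The known-id set, the sample configuration with its paths and proxy names are constructed, and choosing the first matching line in file order is an assumption the page does not state.

```python
# Added example: models the lookup order from "Matching"; not Kernun code.
KNOWN_IDS = {"TCPP-202"}   # stand-in for the id hash table compiled into switchlog

SAMPLE_CFG = """\
# constructed sample configuration
out tcp   >/tmp/tcp-a.log
out stats !|/usr/bin/wc -l
TCPP-202 proxy-a tcp
unknown  *       stats
default  proxy-b stats
default  proxy-c archive
"""

def parse_config(text):
    """Return (outputs, rules) from switchlog configuration text."""
    outputs, rules = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # empty and comment lines
        if line.split()[0] == "out":
            parts = line.split(None, 2)
            dest = parts[2] if len(parts) == 3 else ""
            flush = dest.startswith("!")          # !> and !| flush per line
            dest = dest[1:] if flush else dest
            if dest[:1] not in (">", "|"):
                raise ValueError(f"line {lineno}: bad out destination")
            kind = "file" if dest[0] == ">" else "pipe"
            outputs[parts[1]] = (kind, dest[1:].strip(), flush)
        else:
            fields = line.split()
            if len(fields) != 3:
                raise ValueError(f"line {lineno}: expected log_id altname out_id")
            rules.append(tuple(fields))
    return outputs, rules

def route(rules, log_id, altname):
    """Return the out_id chosen for a message, or None when it is ignored."""
    first = log_id if log_id in KNOWN_IDS else "unknown"
    for group in (first, "default"):              # default is searched last
        for rule_id, rule_name, out_id in rules:  # assumption: file order wins
            if rule_id == group and rule_name in (altname, "*"):
                return out_id
    return None

def undefined_outputs(outputs, rules):
    """Out ids used by rules but never declared with an 'out' line."""
    return sorted({o for _, _, o in rules if o not in outputs})
```

A known log id that has no matching line of its own goes straight to the default lines and never consults the unknown lines, so a message can be silently ignored even when an `unknown *` rule exists.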

Notes

Processing logs by scripts, such as sum-stats(1), is a time-consuming task. Moreover, if statistics of several proxies are to be computed, the summarization scripts would read the same log file again and again. The switchlog program can reduce the log processing time by quickly selecting only the messages relevant for further processing. Also, the log file is read only once even if further processing is performed by several scripts.

See Also

log-ts(1), sum-stats(1), logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.