PERL based log analyzer
SourceForge.net Logo
Home Home Contact us Contacts
Overview Documentation Downloads Contacts Links
 
News & Updates
 
July 21, 2008
v 1.0 now available
Quick Links
 
Sourceforge project's page
CeCILL license
CEA web site
The 'kazimir.debug.TimeFormat' tool next up previous contents
Next: The 'Pattern' tag Up: The 'Log' tag Previous: The 'TimeFormat' keyword   Contents

The 'kazimir.debug.TimeFormat' tool

Writing a correct TimeFormat is, in my opinion, one of the most difficult thing when writing a Kazimir configuration file. It is pretty easy to use a bad format and there is a need for a debugging tool. So I wrote a tool called kazimir.debug.TimeFormat: it's a command line script with two arguments: the first is a TimeFormat to test, and the second is a sample of a line from the log where the TimeFormat is supposed to work on. This tools displays several pieces of information like: the regexp computed from the TimeFormat, and several information got from the parsing process. It says at the end if the format is correct, the epoch time read in 'integer' format and in 'localtime' format too. So checking the coherency is possible. Again, I think that an example is better than a long discussion: I have to cop with file /var/adm/messages, but I don't know which one of these two time format I should be using between '%b %e %H:%M:%S' and '%b  %d %H:%M:%S' .

I will use the two following commands (based on a sample from my workstation) : 

	kazimir.debug.TimeFormat '%b %e %H:%M:%S'
		\  'Mar  1 13:43:35 trekking.bruyeres.s last message repeated 4 times'
	kazimir.debug.TimeFormat '%b  %d %H:%M:%S'
		\ 'Mar  1 13:43:35 trekking.bruyeres.s last message repeated 4 times'

Here, I see that both seems correct with this line, but try now this 

	kazimir.debug.TimeFormat '%b %e %H:%M:%S'
		\  'Mar 11 13:43:35 trekking.bruyeres.s last message repeated 4 times'
	kazimir.debug.TimeFormat '%b  %d %H:%M:%S'
		\  'Mar 11 13:43:35 trekking.bruyeres.s last message repeated 4 times'

We see that '%b %e %H:%M:%S' is ok, but '%b  %d %H:%M:%S' is erroneous (day of month is displayed with a leading space for single digit). With this example, I would like to bring your attention on time element displayed with a leading space on a leading zero for single digit values. It was one of my most frequent mistakes when I wrote Kazimir's configuration file for my machines.

next up previous contents
Next: The 'Pattern' tag Up: The 'Log' tag Previous: The 'TimeFormat' keyword   Contents
Philippe Deniel 2008-07-22
Designed by CMG Technologies, adapted by Thomas LEIBOVICI
Design downloaded from Free Templates