RESLOG(1) User Contributed Perl Documentation RESLOG(1)
NAME
reslog - Reverse-resolve IP in Apache log files
SYNOPSIS
reslog [options] [logfile...]
reslog [-h|-v]
DESCRIPTION
reslog resolves IPs in Apache(8) log files. The result can then be
analyzed by another program, like Analog. You can think of it as a
replacement for the Apache(8) "HostNameLookups" directive, in the sense
that it resolves all client IPs together, once a day.
Resolving takes a long time. This is mainly caused by the lookups
themselves: network packets may be filtered by firewalls; DNS servers
may be incorrectly configured, may be down, may sit in slow network
sections, may be old, slow machines, may be congested, and so on. All
these reasons are out of our control.
If it stops in the middle of its execution, as when the user hits
"Ctrl-Break", it may leave a temporary working file. The next time it
runs, it will stop as soon as it sees that temporary working file.
Please process that file first. You can resolve it again, just like an
ordinary log file.
This program needs temporary working space. Between memory and disk
space, I choose disk space, since it is cheaper and may be available in
more environments. However, this means that it needs free temporary
disk space of about 2 times the size of the source log file (10 times
if using memory). Please make sure you have that much free space.
I suggest that you install File::MMagic(3) instead of counting on the
file(1) executable. The internal magic file of File::MMagic(3) seems to
work better than the file(1) executable. reslog treats everything that
is neither gzip(1) nor bzip2(1) compressed as plain text. When a
compressed log file is wrongly recognized as an image, reslog will
treat it as plain text, read log records directly from it and fail.
This failure does not hurt the source log files, but is still annoying.
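A pre-flight check for the two failure modes described above, as an added example that is not part of reslog or its documentation: it classifies a log file by its leading magic bytes (gzip 1f 8b, bzip2 "BZh") and checks that about 2 times the file size is free in the working directory. The function names, the sample file names and the sample log line are assumptions made for this example.

```python
import bz2
import gzip
import os
import shutil
import tempfile

# Leading magic bytes of the two compressed formats reslog is documented to read.
GZIP_MAGIC = b"\x1f\x8b"
BZIP2_MAGIC = b"BZh"

def detect_format(path):
    """Classify a log file as 'gzip', 'bzip2' or 'plain' from its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(3)
    if head.startswith(GZIP_MAGIC):
        return "gzip"
    if head.startswith(BZIP2_MAGIC):
        return "bzip2"
    return "plain"  # everything else is read as plain text, as the page describes

def required_space(path, factor=2):
    """Temporary space asked for by the page: about 2x the source log size.
    Assumption: the factor is applied to the on-disk size of the file."""
    return factor * os.path.getsize(path)

def preflight(path, workdir=None):
    """Return (format, bytes_needed, enough_space) for one log file."""
    workdir = workdir or os.path.dirname(os.path.abspath(path))
    needed = required_space(path)
    free = shutil.disk_usage(workdir).free
    return detect_format(path), needed, free >= needed

def make_samples(directory):
    """Write three constructed sample logs: plain, gzip and bzip2."""
    line = b'192.0.2.10 - - [03/Dec/2007:10:00:00 +0000] "GET / HTTP/1.0" 200 512\n'
    openers = {"access_log": open, "access_log.gz": gzip.open,
               "access_log.bz2": bz2.open}
    paths = {}
    for name, opener in openers.items():
        paths[name] = os.path.join(directory, name)
        with opener(paths[name], "wb") as fh:
            fh.write(line * 100)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, path in make_samples(tmp).items():
            print(name, preflight(path, tmp))
```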
OPTIONS
logfile
The log file to be resolved. If not specified, it will read from
"STDIN" and output to "STDOUT". You can also specify "-" to read
from "STDIN". Multiple log files are supported. If one of these
files is "STDIN", it will output to "STDOUT". gzip(1) or bzip2(1)
compressed files are supported, too.
-k,--keep mode
What to keep in the source file. Currently the following modes are
supported:
a,all
Keep the source file after records are resolved.
r,restart
Restart the source file after records are resolved.
d,delete
Delete the source file after records are resolved. This is the
default.
-o,--override mode
Whether we should overwrite the existing resolved files. Currently
the following modes are supported:
o,overwrite
Overwrite any existing target file.
a,append
Append the records to the existing target file.
f,fail
Stop processing whenever a target file exists, to prevent
destroying any existing files by accident. This is the
default.
-s,--suffix suf
The suffix to be appended to the output file. If not specified,
the default is ".resolved".
-t,--trim-suffix suf
The suffix to be trimmed from the input file name before appending
the above suffix. Default is none. If you are running several log
file filters, this can help you trim the suffix of the previous
one.
-n,--num-threads n
Number of threads to run simultaneously. The default is 10. Use 0
to disable threading. This option has no effect on systems that
do not support threading.
-c, --stdout
Output the result to "STDOUT".
-d, --debug
Show the detailed debugging messages.
-q, --quiet
Shhhhhh. Only yell when there are errors.
-h, --help
Display the help message and exit.
-v, --version
Output version information and exit.
VERSION
3.11
COPYRIGHT
Copyright (c) 2000-2007 imacat.
This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
AUTHOR
imacat <imacat@mail.imacat.idv.tw>.
You may visit reslog's website at: <http://reslog.sourceforge.net/>,
<http://search.cpan.org/dist/reslog/> or
<http://www.imacat.idv.tw/tech/reslog.html>.
BUGS
reslog has a mailing list, reslog-users@lists.sourceforge.net. If you
have any questions, comments, bug reports or patches, please send them
to the mailing list. You may join the mailing list at
<https://lists.sourceforge.net/lists/listinfo/reslog-users>. Do not
send mail directly to me unless you have private business with me.
The mailing list has an archive. People having the same trouble as you
may search the archive, find the answer and save a lot of time.
TODO
Multi-lingual support, with Traditional and Simplified Chinese
messages.
SEE ALSO
Compress::Zlib(3), Compress::Bzip2(3), perlthrtut(1), gzip(1), zlib(3),
bzip2(1).
perl v5.20.2 2007-12-03 RESLOG(1)