Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site peregrine.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!qantel!hplabs!sdcrdcf!trwrb!scgvaxd!felix!peregrine!mike From: mike@peregrine.UUCP (Mike Wexler) Newsgroups: net.sources Subject: UUCP LOGFILE analyzer Message-ID: <193@peregrine.UUCP> Date: Mon, 30-Sep-85 16:41:51 EDT Article-I.D.: peregrin.193 Posted: Mon Sep 30 16:41:51 1985 Date-Received: Mon, 7-Oct-85 03:27:07 EDT Distribution: net Organization: Peregrine Systems, Irvine, Ca Lines: 254 Here is a modification of the LOGFILE analyzer that was recently posted. It works on System V now. I am also included an awk script that gives some useful statistics on the SYSLOG file and a shell script that will run both of them. ------------------------------Cut here----------------------------------------- #! /bin/sh # This is a shell archive, meaning: # 1. Remove everything above the #! /bin/sh line. # 2. Save the resulting text in a file. # 3. Execute the file with /bin/sh (not csh) to create the files: # stats # logfile.awk # syslog.awk # This archive created: Mon Sep 30 13:27:21 1985 export PATH; PATH=/bin:$PATH if test -f 'stats' then echo shar: will not over-write existing file "'stats'" else cat << \SHAR_EOF > 'stats' #!/bin/sh # stats - driver for logfile.awk and syslog.awk # # USAGE # stats # # # Somehow, compress waits until nobody is using the file before it # compresses it. This is nice and convenient. # # # AUTHOR # David Herron (NPR lover) # cbosgd!ukma!david # University of Kentucky, Computer Science # # Changes: # 1. Took out ignore capability(if you want it put it back in) # 2. Made compatible with System V release I # # EDITOR # Michael Wexler # trwrb!felix!peregrine!mike # Peregrine Systems, Inc # tag=$$ cd /usr/spool/uucp cp LOGFILE /tmp/LOGFILE.$tag awk -f logfile.awk /tmp/LOGFILE.$tag cp SYSLOG /tmp/SYSLOG.$tag awk -f syslog.awk /tmp/SYSLOG.$tag rm /tmp/LOGFILE.$tag rm /tmp/SYSLOG.$tag SHAR_EOF chmod +x 'stats' fi # end of overwriting check if test -f 'logfile.awk' then echo shar: will not over-write existing file "'logfile.awk'" else cat << \SHAR_EOF > 'logfile.awk' # logfile.awk -- read a uucp LOGFILE and find out how long # we spent talking to particular places. (Also, remembers if # the time spent was our call or their call). # # This is nice for: 1) Knowing when you made long distance # calls and where to, 2) knowing how much of the load between # you and some sites you're carrying. # # # This works with the UUCP log file format produced by the # uucp delivered with BRL Release 3. (i.e. 4.2BSD, i.e. that # *extremely* hacked up conglomeration of uucp's that prompted # the writing of honey-danber). # # # USAGE # awk -f logfile.awk /usr/spool/uucp/LOGFILE # # Actually -- I would suggest saving LOGFILE somewhere and make # sure uucico is no longer writing to it. This way you're sure # that the data generated is valid. What I do here is: # # set `date` # tag=$2.$7 # cd /usr/spool/uucp # mv LOGFILE OLD/LOGFILE.${tag} # compress OLD/LOGFILE.${tag} # uncompress OLD/LOGFILE.${tag} # awk -f /usr/lib/uucp/logfile.awk OLD/LOGFILE.${tag} # # Somehow, compress waits until nobody is using the file before it # compresses it. This is nice and convenient. # # # AUTHOR # David Herron (NPR lover) # cbosgd!ukma!david # University of Kentucky, Computer Science # # Changes: # 1. Took out ignore capability(if you want it put it back in) # 2. Made compatible with System V release I # # EDITOR # Michael Wexler # trwrb!felix!peregrine!mike # Peregrine Systems, Inc # BEGIN { # states idle = 0; calling = 1; uscall = 2; themcall = 3; true = 1; false = 0 } # We're calling some place, and the call part has actually worked. # 1) Record their name in the master list. # 2) Remember that we're placing the call. $1 ~ /.*!.*/ { n = split($1,a,"!"); user=a[2]; sys=substr(a[1],1,6); time=$2 status=$4 event=$5 } $1 !~ /.*!.*/ { user=$1 sys=substr($2,1,6) time=$3 status=$4 event=$5 } status == "SUCCEEDED" && event == "(call" { state[sys] = calling } # A call succeeded. Either they called us or we called them. # state[sys] tells us who is doing the calling. # Have to remember the time. status == "OK" && event == "(startup)" { startime[sys] = time if (state[sys] == calling) { printf("call\tout\t%s\t%s\n", sys, time) state[sys] = uscall } else { printf("call\tin\t%s\t%s\n", sys, time) state[sys] = themcall } } # Our outgoing call failed. Throw away our information about the call. status == "TIMEOUT" { state[sys] = idle } # A call finished either successfully or unsuccessfully. # Have to add in the time to the appropriate sum. # # It would be "hard" to calculate the time correctly. So, I'm using # a heuristic here to make it easy. I assume that no phone call is # going to last for longer than 1 day. I calculate the time # for the ending and beginning of the call, and if it's negative # I add 24 hours to it. # # I know ... groady to the max, buuut... (status == "OK" || status == "FAILED") && event == "(conversation" { printf("done\t(%s)\t%s\t%s\n", status, sys, time) interval = 0 # get time spent into "interval" # Time format is: "(mon/day-hr:min-pid)" n = split(time, nn, "-") n = split(nn[2], hrmin, ":") tend = (hrmin[1]*60) + hrmin[2] n = split(startime[sys], nn, "-") n = split(nn[2], hrmin, ":") tbeg = (hrmin[1]*60) + hrmin[2] interval = tend - tbeg if (interval < 0) interval += (24*60) if (state[sys] == uscall) ourtime[sys] += interval else theirtime[sys] += interval } # All that's left to do now is to feed the chickens and go home END { for (i in ourtime) printf("%s -- ourtime = %d\ttheirtime = %d\n", \ i, ourtime[i], theirtime[i]) } SHAR_EOF fi # end of overwriting check if test -f 'syslog.awk' then echo shar: will not over-write existing file "'syslog.awk'" else cat << \SHAR_EOF > 'syslog.awk' # syslog.awk -- read a uucp SYSLOG and find out how much # stuff is transferred and how long it took # # This works With System V release I and 4.2BSD # # USAGE # awk -f syslog.awk /usr/spool/uucp/LOGFILE # # AUTHOR # Michael Wexler # trwrb!felix!peregrine!mike # Peregrine Systems, Inc # $1 ~ /.*!.*/ { n=split($1,a,"!"); sys=a[1] } $1 !~ /.*!.*/ { sys=$2 } { bytes[substr(sys,1,6)] += $7; time[substr(sys,1,6)] += $9; } END { for (sys in bytes) { print sys, " Transferred ",bytes[sys]," bytes in ",time[sys]," seconds" print " For an average speed of ",bytes[sys]/time[sys]," bytes/sec" } } SHAR_EOF fi # end of overwriting check # End of shell archive exit 0 -- Mike(always a dreamer) Wexler 15530 Rockfield, Building C Irvine, Ca 92718 (714)855-3923 (trwrb|scgvaxd)!felix!peregrine!mike