Last Build Date: Mon, 27 Jun 2005 03:15:01 -0000
Mon, 27 Jun 2005 03:15:01 -0000
If anyone has used, is using, or has tried to use Picky in the past, I would like to hear any input you may have on it. Since I am going to rewrite it in C++ with more functionality, it would be very useful.
Mon, 27 Jun 2005 03:07:02 -0000
Well, I pretty much abandoned this project a long time ago. However, I still don't see anything that does anything like Picky. I plan to start fresh on this project. Most likely the next implementation will have the following major differences:
- Coded in C++ using PCRE
- Implements its own syslog daemon (support for manual and pipe-read input will most likely still be supported.)
- Support for a pluggable interface to the database will be used to enable different database types
The overall idea will still be the same. So if you have not been to this SF page before and are interested, take a look at the docs in the source or the first news item.
Mon, 07 Jul 2003 22:22:38 -0000
Here I am attempting to create, or more like extend, software that will intelligently extract needed information from syslog files. Picky will run in either a daemon mode or a cron-type mode. It will load up user-defined regular expression patterns as well as something I am calling macros to create complete expressions and captures for log files. So, for instance, a user might want to get each source and destination IP and port from an IPTABLES or PIX firewall syslog. That is easily done and thrown properly into a user-specified MySQL table. I am thinking about extending it to throw the results to an external program and even a couple more databases. But, currently it is just thrown to a MySQL database.
What's the difference between this and msyslog? Lots, actually: msyslog only database-izes the date and data. Picky can take pieces of information within the data section of a syslog message and log it to a particular field of a MySQL table. Of course, it ignores all messages that don't match one of the completed regular expressions.
Finally, this project is beta... I have been using it for PIX firewall log parsing for quite a while, but I currently have a few bugs and many features I want to add before releasing. So, install at your own risk. It works... I just don't have any coherent way of installing it right now. Yet, installation is quite easy, since it is just a single script and a handful of config files.
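As an added illustration of the macro-plus-pattern idea described in the item above (example code written for this page, not Picky's own source), the following Python expands `%{MACRO:field}` references into named capture groups, pulls source/destination IP and ports out of constructed iptables and PIX lines, ignores lines that match no completed expression, and prepares a parameterized MySQL insert; the macro syntax, pattern names and table name are assumptions.

```python
import re

# Macros: reusable sub-expressions that user patterns reference as %{NAME:field}.
# Names and syntax are assumptions for this example, not Picky's real config format.
MACROS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "PORT": r"\d{1,5}",
}

# User patterns: one per log source, expanded into one regex with named captures.
PATTERNS = {
    "iptables": r"SRC=%{IP:src_ip} DST=%{IP:dst_ip} .*?SPT=%{PORT:src_port} DPT=%{PORT:dst_port}",
    "pix": (r"%PIX-\d-\d+: Deny \w+ src \w+:%{IP:src_ip}/%{PORT:src_port} "
            r"dst \w+:%{IP:dst_ip}/%{PORT:dst_port}"),
}

MACRO_REF = re.compile(r"%\{(\w+):(\w+)\}")

def expand(template):
    """Replace every %{MACRO:field} with a named group wrapping the macro's regex."""
    def sub(m):
        macro, field = m.group(1), m.group(2)
        return "(?P<%s>%s)" % (field, MACROS[macro])
    return re.compile(MACRO_REF.sub(sub, template))

COMPILED = {name: expand(tpl) for name, tpl in PATTERNS.items()}

def parse_line(line):
    """Return (pattern_name, captured_fields) for the first matching pattern, else None.
    Lines matching no completed expression are dropped, as the project description says."""
    for name, rx in COMPILED.items():
        m = rx.search(line)
        if m:
            return name, m.groupdict()
    return None

def build_insert(table, fields):
    """Build a parameterized INSERT (MySQLdb '%s' paramstyle). Column and table names
    come from trusted config; log contents travel as bound values, never spliced into SQL."""
    cols = sorted(fields)
    sql = "INSERT INTO %s (%s) VALUES (%s)" % (table, ", ".join(cols), ", ".join(["%s"] * len(cols)))
    return sql, tuple(fields[c] for c in cols)

# Constructed sample syslog lines (not real captured traffic).
SAMPLE = [
    "Jun 27 03:10:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44321 DPT=22",
    "Jun 27 03:10:02 pix %PIX-4-106023: Deny tcp src outside:198.51.100.4/3456 dst inside:192.0.2.20/80 by access-group acl_out",
    "Jun 27 03:10:03 host sshd[1234]: Accepted publickey for alice from 192.0.2.5 port 50022",
]

def process(lines, table="fw_conns"):
    """Parse each line and return (sql, params) pairs for the matches only."""
    return [build_insert(table, r[1]) for r in map(parse_line, lines) if r]
```

Pass each returned `(sql, params)` pair to a DB-API `cursor.execute(sql, params)` call so the driver quotes the log-derived values.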