http://qs321.pair.com?node_id=919248

ahuang14 has asked for the wisdom of the Perl Monks concerning the following question:

Hey guys,

I was just wondering if there were any ideas about how to roll over a file that is parsing a continuous Snort log file. I am currently keeping Snort on 24/7 to log all network problems and then having a Perl program with Tail, parse out the information I need with each entry. However, I want to be able to have one file created each day, rather than having to manually do it myself. Right now I am basically Tailing the Snort file, parsing it, and appending it to a file x.log that I specify (just a simple text file). Is there a way to tell Perl to log for x hours or until x MB and then create a new file to append and write subsequent parsings to?

Thanks in advance

Replies are listed 'Best First'.
Re: Rolling over a Parser File
by FunkyMonk (Chancellor) on Aug 08, 2011 at 15:22 UTC
    Make sure the filename is based on the current date and always open for each write. Something like

    sub loggit {
    my @gmt  = gmtime;
    my $date = sprintf "%04d%02d%02d", $gmt[5]+1900, $gmt[4]+1, $gmt[3
+];
    my $file = "$date.log";

    open my $log, ">>", $file or die $!;
    print $log, @_;
    close $log;
}

    [download]

[reply]
[d/l]
      Right but how do I get my computer to create a new file every day? this is saying that on $date log everything to that file, which is what I want, but how does my computer know to create a new file everyday that this code can be run on?
[reply]
        never mind I got it to work. Thanks alot!
[reply]
Re: Rolling over a Parser File
by Perlbotics (Archbishop) on Aug 08, 2011 at 15:28 UTC
[reply]
Re: Rolling over a Parser File
by Arunbear (Prior) on Aug 09, 2011 at 10:16 UTC

    This is what logrotate is for (unless your system doesn't have it?).

[reply]

Back to Seekers of Perl Wisdom