Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
Parse::Syslog(3)      User Contributed Perl Documentation     Parse::Syslog(3)

       Parse::Syslog - Parse Unix syslog files

	my $parser = Parse::Syslog->new( '/var/log/syslog', year => 2001);
	while(my $sl = $parser->next) {
	    ...	access $sl->{timestamp|host|program|pid|text} ...

       Unix syslogs are	convenient to read for humans but because of small
       differences between operating systems and things	like 'last message
       repeated	xx times' not very easy	to parse by a script.

       Parse::Syslog presents a	simple interface to parse syslog files:	you
       create a	parser on a file (with new) and	call next to get one line at a
       time with Unix-timestamp, host, program,	pid and	text returned in a

   Constructing	a Parser
       new requires as first argument a	source from where to get the syslog
       lines. It can be:

       o   a file-name for the syslog-file to be parsed.

       o   an IO::Handle object.

       o   a File::Tail	object as first	argument, in which case	the read
	   method will be called to get	lines to process.

       After the file-name (or File::Tail object), you can specify options as
       a hash.	The following options are defined:

       type    Format of the "syslog" file. Can	be one of:

	       syslog  Traditional "syslog" (default)

	       metalog Metalog (see

       year    Syslog files usually do store the time of the event without
	       year. With this option you can specify the start-year of	this
	       log. If not specified, it will be set to	the current year.

       GMT     If this option is set, the time in the syslog will be converted
	       assuming	it is GMT time instead of local	time.

       repeat  Parse::Syslog will by default repeat xx times events that are
	       followed	by messages like 'last message repeated	xx times'. If
	       you set this option to false, it	won't do that.

	       If this option is true, next will return	an array-ref instead
	       of a hash-ref (and is thus a bit	faster), with the following

	       0:  timestamp

	       1:  host

	       2:  program

	       3:  pid

	       4:  text

       locale  Optional. Specifies an additional locale	name or	the array of
	       locale names for	the parsing of log files with national

	       If true will allow for timestamps in the	future.	Otherwise
	       timestamps of one day in	the future and more will not be
	       returned	(as a safety measure against wrong configurations,
	       bogus --year arguments, etc.)

   Parsing the file
       The file	is parse one line at a time by calling the next	method,	which
       returns a hash-reference	containing the following keys:

       timestamp Unix timestamp	for the	event.

       host	 Host-name where the event did happen.

       program	 Program-name of the program that generated the	event.

       pid	 PID of	the Program that generated the event. This information
		 is not	always available for every operating system.

       text	 Text description of the event.

       msgid	 Message numeric identifier, available only on Solaris >= 8
		 with "message ID generation" enabled".

       facility	 Log facility name, available only on Solaris >= 8 with
		 "message ID generation" enabled".

       level	 Log level, available only on Solaris >= 8 with	"message ID
		 generation" enabled".

       There are many small differences	in the syslog syntax between operating
       systems.	This module has	been tested for	syslog files produced by the
       following operating systems:

	   Debian GNU/Linux 2.4	(sid)
	   Solaris 2.6
	   Solaris 8

       Report problems for these and other operating systems to	the author.

       Copyright (c) 2001, Swiss Federal Institute of Technology, Zurich.  All
       Rights Reserved.

       This module is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

       David Schweikert	<>

	2001-08-12 ds 0.01 first version
	2001-08-19 ds 0.02 fix 'last message repeated xx times', Solaris 8 problems
	2001-08-20 ds 0.03 implemented GMT option, year	specification, File::Tail
	2001-10-31 ds 0.04 faster time parsing,	implemented 'arrayref' option, better time-increment algorithm
	2002-01-29 ds 0.05 ignore -- MARK -- lines, low-case months, space in program names
	2002-05-02 ds 1.00 HP-UX fixes,	parse 'above message repeats xx	times'
	2002-05-25 ds 1.01 added support for localized month names (
	2002-10-28 ds 1.02 fix off-by-one-hour error when running during daylight saving time switch
	2004-01-19 ds 1.03 do not allow	future dates (if allow_future is not true)
	2004-07-11 ds 1.04 added support for type 'metalog'
	2005-12-24 ds 1.05 allow passing of a IO::Handle object	to new

perl v5.32.0			  2007-12-30		      Parse::Syslog(3)


Want to link to this manual page? Use this URL:

home | help