grr@cbmvax.UUCP (George Robbins) (07/12/89)
A couple of people have asked for copies of the logfile analysis scripts
I mentioned a couple of postings ago. Against my better judgement, I
am posting them in hopes that the might serve someone else as a starting
point for something better.
These are cruddy, slimey, disgusting awk scripts worked up interactivly
to extract a few intersting numbers. They will probably *not* work without
modification on your system. I did them over a year ago and could do them
much more pretty now.
1) the format of the SYSLOG file varies from system to system. You will
will have to modify the front ends of the program to extract the key
parameters from your SYSLOG format and possibly discard unwanted
records. These are set up for Ultrix 1.2 formats.
2) the scripts were written for 'awk' but currently invoke 'nawk' the
"new" awk described by the "awk book". If you don't have access to
nawk, they should still work with awk, however you'll have to cope
with awk's fine error reporting. They didn't work with an early
release of gnu-awk, but might now. You could probably do a better
job with perl, but I've come to think perl is bad idea done well...
Enough squawking and excuses...
mwatch - this gives a running log of tranfer rates - sort of a tail -f SYSLOG
uutime - this gives a report of the amount of time and data to different sites
uuspeed - this gives a thruput report broken down by month
================================= cut here =====================================
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
# mwatch
# uuspeed
# uutime
# This archive created: Wed Jul 12 02:30:30 1989
export PATH; PATH=/bin:$PATH
echo shar: extracting "'mwatch'" '(1319 characters)'
if test -f 'mwatch'
then
echo shar: will not over-write existing file "'mwatch'"
else
sed 's/^ X//' << \SHAR_EOF > 'mwatch'
X#! /bin/sh
X# mwatch [[[lines] minimum] logfile]
Xtail -${1-100}f ${3-/usr/spool/uucp/SYSLOG} |
Xnawk '
X{
X name=$2;
X date=$3;
X dir=substr($5,1,1);
X if ($6 == "data") {
X bytes=$7+0;
X seconds=$9+0;
X packets=$12;
X retrys=$14+0;
X } else if ($6 == "failed") {
X bytes=$8+0;
X seconds=$10+0;
X packets=$13;
X retrys=$15+0;
X } else {
X bytes=$6+0;
X seconds=$8+0;
X packets=$11;
X retrys=$13+0;
X }
X if (substr(packets,length(packets)) == ",")
X packets=substr(packets,1,length(packets)-1)+0; # trailing comma...
X if (seconds == 0) # avoid div/0
X speed=10*bytes;
X else
X speed=((10*bytes)/seconds)+0.5;
X if (seconds < '${2-3}') # parameter substitution
X next;
X if ($5 == "sent") {
X printf "%-14s %-9s %s %6d %4d %5d bps",date,name,dir,bytes,seconds,speed;
X if (retrys > 0 && packets > 0) {
X error=((100*retrys)/packets)+0.05;
X printf " %3.1f%% retrys\n",error;
X } else
X printf "\n";
X }
X else if ($5 == "received")
X printf "%-14s %-9s %s %6d %4d %5d bps\n",date,name,dir,bytes,seconds,speed;
X else if ($5 == "send" && $6 == "failed")
X printf "%-14s %-9s %s %6d %4d failed!\n",date,name,dir,bytes,seconds;
X else if ($5 == "receive" && $6 == "failed")
X printf "%-14s %-9s %s %6d %4d failed!\n",date,name,dir,bytes,seconds;
X else
X print;
X}
X'
SHAR_EOF
if test 1319 -ne "`wc -c < 'mwatch'`"
then
echo shar: error transmitting "'mwatch'" '(should have been 1319 characters)'
fi
chmod +x 'mwatch'
fi # end of overwriting check
echo shar: extracting "'uuspeed'" '(4144 characters)'
if test -f 'uuspeed'
then
echo shar: will not over-write existing file "'uuspeed'"
else
sed 's/^ X//' << \SHAR_EOF > 'uuspeed'
X#! /bin/sh
X# uuspeed [logfile]
Xecho "me eof ()" | \
Xnawk '
X{
X#print;
X name=$2;
X date=$3;
X dir=substr($5,1,1);
X# some records are funny
X# receive 13 b 12 secs...
X# receive data 13 bytes 12 secs...
X# recieve failed after 13 bytes 12 secs...
X if ($6 == "failed") {
X#print "failed";
X failed=1;
X bytes=$8+0;
X seconds=$10+0;
X packets=$13;
X retrys=$15+0;
X } else if ($6 == "data") {
X#print "data";
X failed=0;
X bytes=$7+0;
X seconds=$9+0;
X packets=$12;
X retrys=$14+0;
X } else {
X#print "normal";
X failed=0;
X bytes=$6+0;
X seconds=$8+0;
X packets=$11;
X retrys=$13+0;
X }
X# trailing comma...
X if (substr(packets,length(packets)) == ",")
X packets=substr(packets,1,length(packets)-1)+0;
X# avoid div/0 kludge...
X if (seconds == 0)
X speed=0;
X else
X speed=int(((10*bytes)/seconds)+0.5);
X dir=substr($5,1,1);
X
X# drop command files - un-statistical
X if (seconds == 0 || bytes < 256) {
X bin="z";
X dir="c";
X } else {
X if (speed > 2500)
X bin="f";
X else
X bin="s";
X }
X
X key=name " " bin " " dir;
X# if (NR == 2000) date = "";
X# print key,name,date,dir,failed,bytes,seconds,packets,retrys,speed;
X
X month = substr(date,2,index(date,"/")-2);
X# month = substr(date,index(date,"/")+1);
X# month = substr(month,1,index(month,"-")-1);
X if (month != last) {
X if (last != "") {
X for (sys in keys) {
X if (tfiles[sys])
X print last, keys[sys],tfiles[sys],tfailed[sys],\
X tbytes[sys],tseconds[sys],tpackets[sys],tretrys[sys],tpeak[sys];
X tfiles[sys] = 0;
X tfailed[sys] = 0;
X tbytes[sys] = 0;
X tseconds[sys] = 0;
X tpackets[sys] = 0;
X tretrys[sys] = 0;
X tpeak[sys] = 0;
X }
X if (month == "")
X exit;
X }
X last = month;
X }
X
X if (key != last)
X if ((sys=used[key]) == 0) {
X sys = used[key] = ++sofar;
X keys[sys] = key;
X }
X
X tfiles[sys]++;
X tfailed[sys] += failed;
X tbytes[sys] += bytes;
X tseconds[sys] += seconds;
X tpackets[sys] += packets;
X tretrys[sys] += retrys;
X
X if (seconds > 7 && bytes > 2048) {
X speed=int((10*bytes)/seconds);
X if (speed >= tpeak[sys])
X tpeak[sys] = speed;
X }
X
X}
X' ${1-/usr/spool/uucp/SYSLOG} - | \
Xsort +0 -1 +1 -2 +2 -3 +3 -4 | \
Xnawk '
XBEGIN {
X split("January February March April May June July August September October November December",months);
X rdate="'"`date`"'";
X split(rdate,date);
X year=date[6];
X host="'"`hostname`"'";
X}
X{
X#print
X month = $1;
X name = $2;
X bin = $3;
X dir = $4;
X files = $5;
X failed = $6;
X bytes = $7;
X seconds = $8;
X packets = $9;
X retrys = $10;
X peak = $11;
X
X if (seconds != 0)
X speed = int((bytes*10)/seconds);
X else {
X speed = 0;
X# print "no time!";
X# print name, dir,bin,files,failed,bytes,seconds,packets,retrys,speed;
X }
X
X if (month != last) {
X print "";
X print months[month] " " year ": uucp usage report for " host " on " rdate;
X print "";
X print "system transfer files fail M-bytes hours speed peak error";
X print "======= ============ ====== ==== ======== ====== ===== ===== =====";
X last = month;
X lastsys = "";
X }
X
X if (dir == "s")
X dir = "send";
X else if (dir == "r")
X dir = "receive";
X else if (dir == "c")
X dir = "control";
X else
X dir = "xxx";
X
X if (bin == "s")
X bin = "slow";
X else if (bin == "f")
X bin = "fast";
X else if (bin == "z")
X bin = "misc";
X else
X bin = "lost";
X
X if (packets != 0)
X error=(100*retrys)/packets;
X else {
X error = 0;
X# print "no packets!";
X# print name, dir,bin,files,failed,bytes,seconds,packets,retrys,speed;
X }
X
X if (name != lastsys) {
X print "";
X tmpname = name;
X lastsys = name;
X } else
X tmpname = "";
X
X if (retrys > 0)
X cent = sprintf("%6.1f%%",error+.05);
X else
X cent = "";
X
X if (bin != "misc" && speed > 0) {
X whizz = sprintf("%6d bps",speed);
X if (peak > 0)
X whizz = whizz sprintf("%6d bps",peak)
X } else
X whizz = "";
X
X printf "%-9s%-4s %-7s%7d%5d%9.3f%4d:%02d%-20s%-6s\n",\
X tmpname, bin, dir,\
X files, failed, bytes/1000000,\
X (work=(seconds/60))/60, work%60,\
X whizz, cent;
X}
SHAR_EOF
if test 4144 -ne "`wc -c < 'uuspeed'`"
then
echo shar: error transmitting "'uuspeed'" '(should have been 4144 characters)'
fi
chmod +x 'uuspeed'
fi # end of overwriting check
echo shar: extracting "'uutime'" '(2135 characters)'
if test -f 'uutime'
then
echo shar: will not over-write existing file "'uutime'"
else
sed 's/^ X//' << \SHAR_EOF > 'uutime'
X#! /bin/sh
X# uutime [logfile]
Xnawk '
X{
X name=$2;
X stamp=$3;
X dir=$5;
X if ($6 == "failed" || $6 == "data") {
X bytes=$7;
X time=$9;
X } else {
X bytes=$6;
X time=$8;
X }
X
X last=stamp;
X if (first == "")
X first=last;
X
X if (name!=last)
X if ((sys=used[name]) == 0) {
X sys = used[name] = ++sofar;
X names[sys] = name;
X }
X
X if (dir=="sent")
X sbytes[sys] += bytes;
X else if (dir=="received")
X rbytes[sys] += bytes;
X stime[sys] += time;
X files[sys]++;
X}
X# NR == 1000 {exit}
XEND {
X split("'"`date`"'",date);
X year=date[6]+0;
X split("31 28 31 30 31 30 31 31 30 31 30 31",dim)
X if ((year % 4) == 0)
X dim[2]++;
X diy[0]=0;
X for(month=1; month <= 12; month++)
X diy[month+1]=dim[month]+diy[month];
X work=first last;
X for (i=1; i <= length(work); i++)
X if (substr(work,i,1) !~ /[0-9]/)
X work=substr(work,1,i-1) " " substr(work,i+1);
X split(work,fields);
X days=(diy[fields[5]]+fields[6])-(diy[fields[1]]+fields[2])+1;
X
X print "";
X print "cbmvax uucp usage by system from " first " to " last " in " year " (" days " days)";
X print "";
X print " time sent recd total M-byte/ hours/";
X print " system files hours M-byte M-byte M-byte day day ";
X print "======== ======== ====== ======== ======== ======== ======== ======";
X for (sys in names) {
X printf "%-8s%9d%5d:%02d%10.3f%10.3f%10.3f%10.3f%5d:%02d\n",\
X names[sys],\
X files[sys],\
X (temp=stime[sys]/60)/60, temp%60,\
X sbytes[sys]/1000000,\
X rbytes[sys]/1000000,\
X (sbytes[sys]+rbytes[sys])/1000000,\
X ((sbytes[sys]+rbytes[sys])/days)/1000000,\
X (temp=(stime[sys]/days)/60)/60, temp%60;
X
X tfiles += files[sys];
X tsbytes += sbytes[sys];
X trbytes += rbytes[sys];
X tstime += stime[sys];
X }
X print "======== ======== ====== ======== ======== ======== ======== ======";
X printf "%-8s%9d%5d:%02d%10.3f%10.3f%10.3f%10.3f%5d:%02d\n",\
X "********",\
X tfiles,\
X (temp=tstime/60)/60, temp%60,\
X tsbytes/1000000,\
X trbytes/1000000,\
X (tsbytes+trbytes)/1000000,\
X ((tsbytes+trbytes)/days)/1000000,\
X (temp=(tstime/days)/60)/60, temp%60;
X}' ${1-/usr/spool/uucp/SYSLOG}
SHAR_EOF
if test 2135 -ne "`wc -c < 'uutime'`"
then
echo shar: error transmitting "'uutime'" '(should have been 2135 characters)'
fi
chmod +x 'uutime'
fi # end of overwriting check
# End of shell archive
exit 0
--
George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing arpa: cbmvax!grr@uunet.uu.net
Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)