Endpoint Management Community Blog

{CWoC 2010} Build 0.3.9 is tagged, moving on to 0.4.0 milestone!

Created: 26 Dec 2010 • Updated: 26 Dec 2010
Ludovic Ferre

I have completed build 0.3.9 faster than I expected, but only because I didn't need to add too many features to it.

However what's in there is quite important and will be a stepping stone for future releases.

So what's in it? Just a small section of code (114 lines, 385 words, 1886 characters for 5 functions) that returns the top 20 entries from the string cache (both guid entries and ip addresses).

Here's a sample output from running aila-linux-x64-0.3.9 on a small payload (a 50,000 lines log file):

ludovic@ub-x64:~/PROD_003/SW-SRC/altiris-ns-tooling/aila$ ./aila -f t5 -n0
Current line #: 40000
Program read 6358605 bytes from 50000 lines 

LOG FILE ANALYSIS:: SUMMARY

Mime type results:
	File type= asp  , page hits=   46495
	File type= aspx , page hits=    1882
	File type= asmx , page hits=     451
	File type= other, page hits=    1168

Altiris Agent requests results:
	Agent request= Get Policies, page hits=    1245
	Agent request= Get Pkg Info, page hits=     622
	Agent request= Get Snapshot, page hits=       3
	Agent request= Post Event  , page hits=   46495

IIS Web-applications results:
	Webapp= /Altiris/NS/Agent/, dir hits =   48365
	Webapp= /Altiris/NS/      , dir hits =     111
	Webapp= /Altiris/IRA[1]/  , dir hits =    1494
	Webapp= /Altiris/Packages/, dir hits =       4
	Webapp= /Altiris/CTA[3]/  , dir hits =      12
	Webapp= Others            , dir hits =      10

[1] IRA is an abbreviation of InventoryRuleManagement/Agent
[2] SWD is an abbreviation of SWD/SWDWin32/SWPortal
[3] CTA is an abbreviation of ClientTask

LOG FILE ANALYSIS:: DETAILED

IIS status code results:
	IIS Status code= Success  (1xx,2xx), hits count =   49206
	IIS Status code= Client error (4xx), hits count =       2
	IIS Status code= Server error (5xx), hits count =     788

IIS sub-status code results:
	Sub Status code= 0, hits count =   49996

IIS Win32 status code results:
	Win32 Status code= Win32 Success    , hits count =   35135
	Win32 Status code= Win32 Failure > 0, hits count =   14861

24 hour hit counters:
	Hits counted during hour  0 to  1  was  23104
	Hits counted during hour  1 to  2  was  26892

Brought to you by {Connect Winter of Code}

hits #,string type, string,id.
   69, Computer guid, 44A081D8-1245-4CAB-9AEA-4820953DEC61, 167
   68, Computer guid, A8C75167-F299-2354-9204-131EF596C0D0, 218
   71, Computer guid, C914C5D3-DC4B-4B64-81B4-9046E459CB3F, 289
   14, Resource guid, 4235916C-B77B-4025-9208-5A65B7795430, 310
   19, Resource guid, 70C127E1-EF1B-4387-90DA-0DD954AED6CB, 4
   75, Computer guid, 98747B0A-AB8C-4A26-A80C-F1DA63A4927C, 594
   69, Computer guid, 12486B44-E558-43A8-9AF4-286EBE29D1D8, 789
   15, Package  Guid, B3C40802-1245-4F59-8902-1C52578D82E0, 7
   72, Computer guid, C6E9125A-A1A9-416B-AF2D-95384234382C, 882
   13, Package  Guid, 34FA44AB-1742-4095-94A0-98675F5A33C8, 9
   14, Package  Guid, 73B34D09-1F63-4231-8D20-009BCE724BDD, 63
   15, Package  Guid, 1193623D-E1DE-4235-A94D-A1A6CDA089DE, 69
   13, Package  Guid, 73A52385-9FED-4DEC-B277-89A9EBDB9851, 12
   13, Package  Guid, 87327619-2323-49E5-A824-0D21911BC344, 13
  119, Package  Guid, 20354240-6943-4776-A010-E86B192C5C9A, 26
   13, Package  Guid, 436E8215-D38B-45E6-B2D9-2A07C9592AD5, 46
   13, Package  Guid, B89C6587-476B-4CB4-B36D-855B1C7FECA3, 16
   13, Package  Guid, 23589CD9-BF71-4133-8A80-770792871470, 17
   13, Package  Guid, 1780589E-2F26-4B13-B1B7-6F6D48614D7D, 27
   13, Package  Guid, F7F421EA-191D-9586-0167-DDFE6A1C2DDE, 29

hits #,string type, string,id.
   29, Ip address (c-ip), 192.168.95.222, 24574
   43, Ip address (c-ip), 192.168.80.192, 24461
   98, Ip address (c-ip), 192.168.2.123, 23706
   27, Ip address (c-ip), 192.168.74.107, 24478
 1547, Ip address (c-ip), 192.168.170.159, 24569
   23, Ip address (c-ip), 192.168.21.34, 24570
  353, Ip address (c-ip), 192.168.99.251, 24490
   41, Ip address (c-ip), 192.168.74.195, 24507
   21, Ip address (c-ip), 192.168.99.14, 24084
  128, Ip address (c-ip), 192.168.215.33, 24102
  145, Ip address (c-ip), 192.168.74.110, 24196
 1676, Ip address (c-ip), 192.168.169.62, 24571
   96, Ip address (c-ip), 192.168.79.102, 22954
  145, Ip address (c-ip), 192.168.215.167, 18654
  155, Ip address (c-ip), 192.168.65.135, 24298
   67, Ip address (c-ip), 192.168.169.56, 24552
   43, Ip address (c-ip), 192.168.169.52, 24554
   22, Ip address (c-ip), 192.168.60.246, 17839
   75, Ip address (c-ip), 192.168.58.229, 24567
   90, Ip address (c-ip), 192.168.69.31, 24568

You will notice that the cache dump extracts are not sorted yet. This is going to be part of version 0.4.0. I already started reading about algorithms and my plan is to use the topper code to do a hybrid merge sort. The base idea is to run a global search on the data and to search for a subset of top entries, sort them and merge at the end of the data / array and start over without the last 20 entries (which are already sorted and the highest etc).

This could prove harder to build than to talk about, but hey, this is why I code in winter: there isn't anything so exciting to do out there in the cold :D.
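
The chunked top-20 sort sketched above, written out as an added example in C; it is not the aila source, which this page does not show. The `entry` struct, `TOP_K` and all function names are assumptions, and the hit counts in the demo are constructed.

```c
#include <stddef.h>
#include <string.h>

#define TOP_K 20   /* chunk size: the "top 20" of the cache dump */

/* Hypothetical cache record (names assumed, modelled on the dump columns). */
struct entry { unsigned hits; unsigned id; };

/* One "topper" pass over e[0..end): pick the m <= TOP_K entries with the most
 * hits and store them, ascending, in e[end-m..end). Returns m. */
static size_t top_chunk_to_tail(struct entry *e, size_t end)
{
    size_t idx[TOP_K], m = 0, i, j, w = 0;  /* idx[]: positions, ascending hits */
    struct entry top[TOP_K];
    for (i = 0; i < end; i++) {
        if (m == TOP_K) {
            if (e[i].hits <= e[idx[0]].hits) continue;   /* below the cut */
            memmove(idx, idx + 1, --m * sizeof idx[0]);  /* evict weakest */
        }
        for (j = m; j > 0 && e[idx[j - 1]].hits > e[i].hits; j--)
            idx[j] = idx[j - 1];          /* insertion keeps idx[] ordered */
        idx[j] = i; m++;
    }
    for (j = 0; j < m; j++) top[j] = e[idx[j]];   /* save the winners */
    for (i = 0; i < end; i++) {           /* compact the rest to the front */
        for (j = 0; j < m && idx[j] != i; j++) {}
        if (j == m) e[w++] = e[i];
    }
    memcpy(e + w, top, m * sizeof top[0]);        /* here w == end - m */
    return m;
}

/* Full ascending sort: each pass fixes one sorted chunk at the tail. */
void chunked_top_sort(struct entry *e, size_t n)
{
    while (n > 0)
        n -= top_chunk_to_tail(e, n);
}

/* Constructed data (made-up hit counts): returns 1 if the result is sorted. */
int demo_is_sorted(void)
{
    struct entry e[50];
    size_t i;
    for (i = 0; i < 50; i++) { e[i].hits = (unsigned)(i * 37 % 101); e[i].id = (unsigned)i; }
    chunked_top_sort(e, 50);
    for (i = 1; i < 50 && e[i - 1].hits <= e[i].hits; i++) {}
    return i == 50;
}

int main(void) { return demo_is_sorted() ? 0 : 1; }
```

Each pass costs one scan of the unsorted prefix, so a full sort of n entries takes about n/20 scans; stopping after the first pass gives just the sorted top 20.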