Endpoint Management Community Blog

{CWoC} Bye bye 2009 -> Welcome v0.2.3-Rev106, and 2010 of Course!!!

Created: 31 Dec 2009 • Updated: 31 Dec 2009
Ludovic Ferre

It will soon be time to look back on 2009, and forward to 2010.

But right now we'll look back at our post v0.2.0 tag [1], and forward to the next tag of course.

What did we mean to put in this tag, and what really made it? Below were the plans drafted in [1]:

  1. [n+] A Simple Linked List implementation (dynamic array)
  2. [n+] IP Address search in the IIS log files
  3. [++] Contextual data for guid and ip searches
  4. [n+] A Win32 branch to ensure code portability
  5. [++] Use of the linked list to store all data in memory
  6. [++] Creation of a shell to query in memory data

1. The simple linked list was implemented and discarded as too costly in terms of performance (given the file parse is raw in-memory processing taking 100% of a core for the duration of the process). It took the processing time from a fixed 30 seconds to a variable one between 60~100 seconds! Gasp.

2. IP address search was not required as such because we implemented batch loading of the data from a single line into a struct. Doing so allowed us to limit the search for guids to the cs-uri-stem field, and made the s-ip and c-ip fields directly available.

So with the IP readily available we looked at a way to store this information in a smarter manner than through the string cache (i.e. loading the string to the heap and storing a pointer to it in the storage array). The easiest way to compress an IP is to reduce it back to its original size: a 32-bit integer. So we did this using arpa/inet.h. Quick and easy.
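A sketch of the batch load described in point 2, added here as an illustration and not taken from the aila source: one log line is split into fields, s-ip and c-ip are stored as 32-bit integers, and the guid search is confined to cs-uri-stem. The struct layout, field order, function names and sample line are assumptions; the post only says arpa/inet.h was used, and `inet_pton` is this example's choice.

```c
#include <arpa/inet.h>   /* inet_pton, ntohl, uint32_t */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed field order (real logs declare theirs in the "#Fields:" line):
   date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip */
enum { F_S_IP = 2, F_URI_STEM = 4, F_C_IP = 8, F_COUNT = 9 };
struct log_entry {
    uint32_t s_ip;   /* server IP, network byte order */
    uint32_t c_ip;   /* client IP, network byte order */
    char guid[37];   /* first GUID in cs-uri-stem, "" if none */
};

/* Return 1 if p starts with an 8-4-4-4-12 hex GUID (stops safely at NUL). */
static int is_guid(const char *p) {
    for (int i = 0; i < 36; i++) {
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? p[i] != '-' : !isxdigit((unsigned char)p[i])) return 0;
    }
    return 1;
}

/* Load one log line into e. Returns 0 on success, -1 if it is rejected. */
int parse_line(const char *line, struct log_entry *e) {
    char buf[1024], *field[F_COUNT];
    struct in_addr s, c;
    int n = 0;
    if (line[0] == '#' || strlen(line) >= sizeof buf) return -1; /* directive / oversized */
    strcpy(buf, line);
    for (char *t = buf; n < F_COUNT && *t; ) {   /* split on single spaces */
        field[n++] = t;
        t += strcspn(t, " \r\n");
        if (*t) *t++ = '\0';
    }
    if (n < F_COUNT || inet_pton(AF_INET, field[F_S_IP], &s) != 1 ||
        inet_pton(AF_INET, field[F_C_IP], &c) != 1) return -1;  /* short line or bad IP */
    e->s_ip = s.s_addr; e->c_ip = c.s_addr;
    e->guid[0] = '\0';
    for (const char *p = field[F_URI_STEM]; *p; p++)
        if (is_guid(p)) { memcpy(e->guid, p, 36); e->guid[36] = '\0'; break; }
    return 0;
}

int main(void) {
    struct log_entry e;   /* constructed sample line, not from a real log */
    if (parse_line("2009-12-31 10:15:02 10.0.0.5 GET /agent/4f2a9c1e-0b7d-4e55-9a31-c0ffee123456/policy.xml - 80 - 192.168.1.20", &e) == 0)
        printf("c-ip=0x%08x guid=%s\n", (unsigned)ntohl(e.c_ip), e.guid);
    return 0;
}
```

Rejecting a line whose IP fields do not parse keeps a malformed or truncated log record from landing in the in-memory store as a bogus address.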

3. This may not be done at all, because we can see that with a dump of the cache we can quickly transform the data to look up the guids inside the database. That will give us much more context than the aila parsing would ever do.

4. Yes, I branched out for Win32. However I haven't really progressed, given I have no access to a modern IDE in order to deal with Win32 quirks.

5. Not planned for this tag, and most likely this will be dropped from the aila project altogether.

6. Will probably follow 5 into oblivion.

So with that said, should we look ahead?

Absolutely not. Time for a break. But let me wish everyone:

A Very Happy New Year 2010!!!

[1] http://www.symantec.com/connect/blogs/cwoc-post-ta...