linux-c-programming.vger.kernel.org archive mirror
From: "James Stevenson" <james@stev.org>
To: 'Nikola Vlahovic' <root.admin1@zg.t-com.hr>,
	linux-c-programming@vger.kernel.org
Subject: RE: Read from log file - daemon - how?
Date: Thu, 12 Jan 2006 02:14:45 -0000
Message-ID: <000001c6171d$f55e3480$6a00ac0a@hughesit.local>
In-Reply-To: <43C59379.4010907@zg.t-com.hr>

Have a look at the already open source program called tail.
It should already be a program installed on your system.

Try something like

tail -f /var/log/messages

	James

> -----Original Message-----
> From: linux-c-programming-owner@vger.kernel.org [mailto:linux-c-
> programming-owner@vger.kernel.org] On Behalf Of Nikola Vlahovic
> Sent: 11 January 2006 23:24
> To: linux-c-programming@vger.kernel.org
> Subject: Read from log file - daemon - how?
> 
> Hi,
> 
> I would like to make a daemon in C for watching and processing log files
> (GPL of course :)))))
> and I have some problems......
> 
> 1) if I open some log file like /var/log/messages for read with fopen
> ...how do I get new changes
>     that are generated in time.....like new system messages or something
> else......
> 
> 2)if I open file for reading and don't append any kind of lock to that
> file (log is the file...) are there
>    any implications....(problems for log-generating daemon or
> something...)
> 
> 3) what is the preferred way, used functions, else.......to approach this
> problem......
> 
> 
> my daemon would be used for creating large database of information on
> some kind of RD (like mysql)
> from all kinds of log files, messages , httpd , mail and others.....and
> then processed and used for
> creating automated defence policy methods based on this info , like
> creating IPTABLES entry for
> host that is generating too much aggressive traffic like scanning, mail
> account hacking, enumeration or
> something else.....
> 
> I intend to make such system for use in small or medium networks for
> automating defend procedure using
> several hosts......
> 
> If one system detects attack and creates database entry and sends
> message , other system can use this info
> and protect themselves against attack, later database information can be
> used for creating attack statistics,
> attack prediction, attacker habits (usual times of attack and
> similar....)
> 
> 
> tnx,
> nikola.
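
The `tail -f` behaviour suggested above, written as C that a log-watching daemon could call, as an added example that is not code from either poster. It goes one step further than plain following by also handling truncation and log rotation; `struct follower`, `follower_open` and `follower_poll` are hypothetical names, and the default path is only the one mentioned in the thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper names, not from the thread or from tail(1). */
struct follower { const char *path; int fd; off_t off; };

/* Read-only open: no lock is taken, so the logging daemon is never blocked.
 * O_CLOEXEC keeps the descriptor out of any helper the daemon later execs. */
int follower_open(struct follower *f, const char *path, int from_end)
{
    f->path = path;
    f->fd = open(path, O_RDONLY | O_CLOEXEC);
    f->off = (f->fd >= 0 && from_end) ? lseek(f->fd, 0, SEEK_END) : 0;
    return f->fd;
}

/* Returns the number of new bytes placed in buf, 0 if none, -1 on error. */
ssize_t follower_poll(struct follower *f, char *buf, size_t cap)
{
    struct stat cur, named;
    ssize_t n;

    if (f->fd < 0 && follower_open(f, f->path, 0) < 0)
        return 0;                       /* file not recreated yet */
    if (fstat(f->fd, &cur) < 0)
        return -1;
    if (cur.st_size < f->off)           /* truncated in place: start over */
        f->off = lseek(f->fd, 0, SEEK_SET);
    n = read(f->fd, buf, cap);
    if (n > 0)
        f->off += n;
    if (n != 0 || stat(f->path, &named) < 0 ||
        (named.st_ino == cur.st_ino && named.st_dev == cur.st_dev))
        return n;                       /* data, error, or same file at EOF */
    close(f->fd);                       /* EOF and the name is a new inode */
    f->fd = -1;
    return follower_poll(f, buf, cap);  /* rotated: read new file from 0 */
}

int main(int argc, char **argv)
{
    struct follower f;
    char buf[4096];
    ssize_t n;
    follower_open(&f, argc > 1 ? argv[1] : "/var/log/messages", 1);
    for (;; sleep(1))                   /* poll once a second */
        while ((n = follower_poll(&f, buf, sizeof buf)) > 0)
            if (write(STDOUT_FILENO, buf, (size_t)n) < 0)
                return 1;
}
```

The returned chunks are raw bytes and can end in the middle of a line, so a parser built on top should buffer until it sees a newline before treating the text as one log record.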


