lire-devel-doc 2:2.1.1-2.1 / usr / share / doc / lire / dev-manual / ch01s02.html

This file is indexed.

/usr/share/doc/lire/dev-manual/ch01s02.html is in lire-devel-doc 2:2.1.1-2.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Log File Normalisation</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Lire Developer's Manual"><link rel="up" href="ch01.html" title="Chapter 1. Architecture Overview"><link rel="prev" href="ch01.html" title="Chapter 1. Architecture Overview"><link rel="next" href="ch01s03.html" title="Log Analysis"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Log File Normalisation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch01.html">Prev</a> </td><th width="60%" align="center">Chapter 1. Architecture Overview</th><td width="20%" align="right"> <a accesskey="n" href="ch01s03.html">Next</a></td></tr></table><hr></div><div class="section" title="Log File Normalisation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sect:normalisation"></a>Log File Normalisation</h2></div></div></div><div class="figure"><a name="fig:flow-normalisation"></a><p class="title"><b>Figure 1.2. The Log Normalisation Process</b></p><div class="figure-contents"><div align="center"><img src="flow-normalisation.png" align="middle" alt="The Log Normalisation Process"></div></div></div><br class="figure-break"><p>The first process of the Lire log analysis framework is
	  the log file normalisation process. That process is
	  summarized in the  <a class="xref" href="ch01s02.html#fig:flow-normalisation" title="Figure 1.2. The Log Normalisation Process">Figure 1.2, &#8220;The Log Normalisation Process&#8221;</a> figure. This process is
	  centered around the <em class="firstterm">DLF</em> concept which
	  is kind of a universal log format. DLF stands for Distilled
	  Log Format. The concept is that each product specific log
	  file is transformed into a log format that can be common to
	  all the products providing similar functionalities. In
	  Lire's terminology, a class of applications providing
	  similar functionality (e.g. MTA's supplying email) is called
	  a <em class="firstterm">superservice</em>. Still in Lire's
	  terminology, the <em class="firstterm">service</em> from which
	  the super is derived (e.g. postfix or sendmail) refers to
	  the native log format that is converted in the
	  superservice's DLF. One can view the DLF as a table where
	  the rows are the logged events and the fields are logged
	  information related to each event.
	</p><p>Since the information logged by an email server is
	  totally different from a web server, each superservice
	  should have its own data models. In Lire, the data model is
	  called a DLF <em class="firstterm">schema</em>. The DLF schemas
	  are defined in XML files using the DLF Schema Markup
	  Language. The schema describes what fields are available for
	  each logged events. 
	</p><p>One interesting aspect of <span class="application">Lire</span>, is that altough the
	  email DLF is used by all email servers, the email DLF data
	  model isn't restricted to the lowest common denominator
	  across the log formats supported by each email servers. In
	  the Lire's architecture, the superservice's schema can
	  represent the information logged by the most sophisticated
	  product. When some part of the information isn't available
	  in one log format, the DLF log file will contain this
	  information and the reports that needs this information
	  won't be included.
	</p><p>This architecture means that to support a new service,
	  i.e. a new log format, in Lire you just need to write a
	  plugin, called a DLF converter. This is just a simple perl
	  module that parses the native log format and maps the
	  information according to the schema. 
	</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch01.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ch01.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ch01s03.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 1. Architecture Overview </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Log Analysis</td></tr></table></div></body></html>

APT Browse - Built by Thomas Orozco.