These are the scripts for parsing the logs.

prepLogs4dbms.pl

Presently handles logs from the syslog facility, httpd, last, lastlog, and w. It is designed to first read the raw log files. Then it parses and formats the data so that it is suitable for insertion into a database (currently MySQL). It also provides archives of the raw and formatted logs that cover specific periods of time (currently one month) for the particular log.

For example, once the script has processed the telnetd logs, there will be a file with the data from the present session ready for updating the database. If the archive file for the present month exists, the present session data will be appended to it; otherwise a new file will be created. If the archive file for the present raw data exists, the present session data will be appended to it; otherwise a new file will be created. The archive files are created 1) to make forensic analysis easier, and 2) for disaster recovery.

The present log types handled are: [%# preplogs4dbms #%]

  httpd   - [%# http_access #%]
  logins  - [%# login #%]
  smbs    - [%# smb #%]
  syslogs - [%# syslog #%]

NOTE: The `[%# #%]' brackets are tags that can be used to find the code referred to. If you have text searches over files (UltraEdit, Midnight Commander, grep), these strings will take you there. For example, the references above are to the `preplogs4dbms.pl' file and the listed tags are simply strings within that file. This particular file is over 1700 lines and this makes getting to a particular area in the code much easier. There may be one or two references in the same file but hardly ever three, so if the first search doesn't get you there, simply repeating it one more time most likely will.

`httpd' handles the logs generated by Apache. The directives controlling the format of the logs are well documented.

`logins' handles the logs generated by running `last', `lastlog' and `w' as cron jobs. I currently have them on a 5 minute cycle. The operation of the logging system should not be affected regardless of the length of the cycle. Every ten seconds should work just as well as every ten hours. Of course the processing overhead will be considerably greater for the shorter cycles.

`smbs' handles Samba logs.
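As an added illustration (in Python, not the project's Perl script), here is the httpd path described above: Apache common-log lines are parsed into database-ready rows, and both the raw and the formatted output are appended to the current month's archive files, which are created when missing. The archive naming scheme, the tab-separated row layout and the sample log lines are assumptions of this example, not taken from prepLogs4dbms.pl.

```python
import re
from datetime import datetime
from pathlib import Path

# Apache Common Log Format; the README notes the httpd log format directives are documented.
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

SAMPLE_RAW = [  # constructed sample lines, not taken from any real server
    '192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326\n',
    '198.51.100.7 - alice [10/Oct/2000:13:56:02 -0700] "POST /login HTTP/1.1" 401 -\n',
    'not a log line\n',  # kept in the raw archive, excluded from the database feed
]

def parse_access_line(line):
    """Parse one CLF line into typed fields; return None for lines that do not match."""
    m = CLF_RE.match(line.rstrip("\n"))
    if not m:
        return None
    d = m.groupdict()
    when = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"host": d["host"], "user": None if d["user"] == "-" else d["user"],
            "ts": when.strftime("%Y-%m-%d %H:%M:%S"), "method": d["method"],
            "path": d["path"], "status": int(d["status"]),
            "size": 0 if d["size"] == "-" else int(d["size"])}

def to_row(rec):
    """Tab-separated row for MySQL LOAD DATA INFILE; SQL NULL is spelled \\N."""
    cols = [rec["host"], rec["user"], rec["ts"], rec["method"], rec["path"],
            str(rec["status"]), str(rec["size"])]
    return "\t".join("\\N" if c is None else c for c in cols)

def archive_path(base, log_type, kind, month):
    """One archive per log type, kind (raw/fmt) and month, e.g. http_access-raw-2000-10.log (assumed scheme)."""
    return Path(base) / f"{log_type}-{kind}-{month}.log"

def process_session(raw_lines, base, log_type="http_access", month=None):
    """Format a session's lines and append raw and formatted output to this month's archives."""
    month = month or datetime.now().strftime("%Y-%m")
    Path(base).mkdir(parents=True, exist_ok=True)
    rows = [to_row(r) for r in map(parse_access_line, raw_lines) if r]
    # Mode "a" creates a missing archive and appends to an existing one, as the README describes.
    with open(archive_path(base, log_type, "raw", month), "a") as f:
        f.writelines(l if l.endswith("\n") else l + "\n" for l in raw_lines)
    with open(archive_path(base, log_type, "fmt", month), "a") as f:
        f.writelines(r + "\n" for r in rows)
    return rows
```

Unparseable lines stay in the raw archive so the forensic record is complete even when the database feed skips them.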