[Simple-evcorr-users] More table like display of stats
From: John P. R. <ro...@cs...> - 2012-12-05 03:17:14
Currently the output of a state dump (generated with a kill -USR1) looks like:

  Rule 1 at line 31 (Clear EVENT_PROCESSED) has matched 6431597 events
  Rule 2 at line 51 (Skip all processing for slapd) has matched 14126179 events
  Rule 3 at line 72 (Dispatch firewall accept lines) has matched 483828 events
  Rule 4 at line 95 (Dispatch firewall rule lines) has matched 167890 events
  Rule 5 at line 115 (jump to timestamp ruleset) has matched 113237 events
  Rule 6 at line 134 (jump to pdu ruleset) has matched 2 events
  Rule 7 at line 150 (Do normal processing) has matched 7538605 events

I often find myself comparing counts, or summing counts etc. and I am wondering if other people would also find this format better:

  Rule 1 at line 31  matched  6431597 events (Clear EVENT_PROCESSED)
  Rule 2 at line 51  matched 14126179 events (Skip all processing for slapd)
  Rule 3 at line 72  matched   483828 events (Dispatch firewall accept lines)
  Rule 4 at line 95  matched   167890 events (Dispatch firewall rule lines)
  Rule 5 at line 115 matched   113237 events (jump to timestamp ruleset)
  Rule 6 at line 134 matched        2 events (jump to pdu ruleset)
  Rule 7 at line 150 matched  7538605 events (Do normal processing)

With this layout it is easier to see that rule 2 is hit the most and rule 6 the least. Plus I can use awk/perl to pull field 7 and sum them.

This will take a little extra processing due to the right aligned matched events count, but I don't think this processing would be excessively burdensome.

Thoughts?

--
                                -- rouilj

John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
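The conversion discussed in the message above can be done outside SEC with awk. This is an added example, not part of the original message and not SEC code; `sample_dump` and `sec_rule_table` are hypothetical names, and the sample input is constructed from the seven lines quoted in the message.

```shell
#!/bin/sh
# Constructed sample: the seven dump lines quoted in the message above.
sample_dump() {
cat <<'EOF'
Rule 1 at line 31 (Clear EVENT_PROCESSED) has matched 6431597 events
Rule 2 at line 51 (Skip all processing for slapd) has matched 14126179 events
Rule 3 at line 72 (Dispatch firewall accept lines) has matched 483828 events
Rule 4 at line 95 (Dispatch firewall rule lines) has matched 167890 events
Rule 5 at line 115 (jump to timestamp ruleset) has matched 113237 events
Rule 6 at line 134 (jump to pdu ruleset) has matched 2 events
Rule 7 at line 150 (Do normal processing) has matched 7538605 events
EOF
}

# sec_rule_table (hypothetical helper): read dump lines on stdin, print the
# rule statistics in the proposed layout with right-aligned counts, then a
# total. Lines that are not rule statistics are skipped.
sec_rule_table() {
  awk '
    match($0, /^Rule [0-9]+ at line [0-9]+ \(/) {
      head = substr($0, 1, RLENGTH - 2)      # "Rule N at line L"
      rest = substr($0, RLENGTH + 1)         # "desc) has matched C events"
      # Anchor on the fixed tail so a description containing ")" survives.
      if (!match(rest, /\) has matched [0-9]+ events$/)) next
      desc = substr(rest, 1, RSTART - 1)
      cnt  = substr(rest, RSTART + 14, RLENGTH - 21)   # digits only
      n++; h[n] = head; c[n] = cnt; d[n] = desc; total += cnt
      if (length(head) > hw) hw = length(head)
      if (length(cnt)  > cw) cw = length(cnt)
    }
    END {
      # Column widths come from the data, so the count stays in field 7.
      fmt = "%-" hw "s matched %" cw "s events (%s)\n"
      for (i = 1; i <= n; i++) printf fmt, h[i], c[i], d[i]
      printf "Total matched %.0f events in %d rules\n", total, n
    }'
}

sample_dump | sec_rule_table
```

Counts are printed as the original digit strings, so large values are not reformatted by awk's integer handling; only the total goes through floating point.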