ExP is "Extra Petit". As an intended pun, exp is to log what less is to more. It is also a lot of regular expressions.

Ideas come from Petit. That tool is really cool, but it is too slow on my small Cubieboard, because it is written in Python. I need raw power :-) so I decided to hack a clone in C. Thanks to Scott McCarty (Petit's author) for the ideas and for allowing me to do so.
ExP supports the following entry types and outputs:

- Entries
  - syslog
  - rsyslog
  - apache access
  - apache error
  - securelog
  - snort
  - raw
- Outputs
  - hash
  - wordcount
  - daemon
  - host
  - sgraph
  - mgraph
  - hgraph
  - dgraph
  - mograph
  - ygraph
ExP is designed as a drop-in replacement for Petit, and its internal design is also similar to Petit's. Yet ExP has extensions of its own:
- Allow multiple files
- Per-log-type filter scrubbing is externalized in configuration files instead of being hard-coded
- Graphs support an --exp_mode flag that extends the graph with a numeric scale for better legibility
- The --year flag gives the "current year" for logs that don't carry a year. By default, ExP behaves like Petit and uses the current year
- --filterdir, --fingerprintdir, and --factorydir add extra directories to scan for filters, fingerprints, and factories respectively
- --dev1 and --dev2 display only the data that lies more than one (resp. two) standard deviation(s) away from the average. This idea comes from Petit's Roadmap
- Entry regexps are outsourced to configuration files so they can be customized; this also allows more than one regexp per entry type
- Color graphs using --color
- XDG support for easier development and standard deployment of configuration files

TODO:

- Cumulated data in graphs: what happens each second, minute, etc.
- Port scriptlog from Petit?
- Ideas from Petit
- Missing fingerprints (Debian, etc.)
- Move some parts (regex, files?) to libCad
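The --dev1 / --dev2 extension listed above keeps only the buckets of a graph that lie more than one (resp. two) standard deviations away from the average. The following is an added example, written for this page and not ExP's or Petit's own code, that shows that selection on a constructed series of per-minute line counts. Using the population variance and a strict "more than" comparison are assumptions of this example; ExP may choose differently.

```c
/* Added example, not ExP's own code: the --dev1 / --dev2 idea, i.e. keep only
 * the buckets whose count is more than k standard deviations away from the
 * mean. Population variance and a strict '>' comparison are assumptions of
 * this example; ExP may choose differently. */
#include <stddef.h>
#include <stdio.h>

#define NBUCKETS 10

/* Constructed sample: number of log lines seen in each of 10 consecutive
 * minutes, the kind of series an mgraph draws. */
static const int sample_counts[NBUCKETS] = { 5, 4, 12, 5, 18, 5, 6, 0, 5, 4 };

double mean_of(const int *v, size_t n)
{
    double s = 0.0;
    for (size_t i = 0; i < n; i++)
        s += v[i];
    return n ? s / (double)n : 0.0;
}

/* Population variance: average squared deviation from the mean. */
double variance_of(const int *v, size_t n)
{
    double m = mean_of(v, n), s = 0.0;
    for (size_t i = 0; i < n; i++)
        s += (v[i] - m) * (v[i] - m);
    return n ? s / (double)n : 0.0;
}

/* Flag buckets whose deviation from the mean exceeds k standard deviations.
 * Comparing squared values avoids sqrt(): (x - m)^2 > k^2 * variance.
 * keep[i] is set to 1 for a kept bucket, 0 otherwise; returns how many are kept. */
size_t outliers(const int *v, size_t n, double k, int *keep)
{
    double m = mean_of(v, n), var = variance_of(v, n);
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        double d = v[i] - m;
        keep[i] = d * d > k * k * var;
        kept += keep[i];
    }
    return kept;
}

int main(void)
{
    int keep[NBUCKETS];
    for (int k = 1; k <= 2; k++) {
        size_t kept = outliers(sample_counts, NBUCKETS, (double)k, keep);
        printf("--dev%d keeps %zu bucket(s):\n", k, kept);
        for (size_t i = 0; i < NBUCKETS; i++)
            if (keep[i])
                printf("  minute %2zu: %d lines\n", i, sample_counts[i]);
    }
    return 0;
}
```

On the sample series the mean is 6.4 and the variance 22.64, so --dev1 keeps the 12, 18 and 0 buckets while --dev2 keeps only the 18 spike: one large spike inflates the standard deviation, so the milder anomalies only show up at the lower threshold.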