{ "info": { "author": "Andres J. Diaz", "author_email": "ajdiaz@connectical.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: GNU General Public License (GPL)", "Operating System :: OS Independent", "Programming Language :: Python" ], "description": "Mole: A flexible operational log analyzer.\n==========================================\n\nMole is a log analyzer that parses your log files (any kind of log), using\nspecified definitions (usually regular expressions), and magically\ninterprets some fields (numbers, dates ...). Mole provides you a set of\nfunctions to analyze that data.\n\nInstallation\n------------\nAs usual for any Python package::\n\n pip install mole\n\nGetting started\n---------------\n\nIn this example we will use an access log file generated by Apache (or any\nother HTTP server). Let's suppose that this file is located in\n/var/log/apache/access.log.\n\n.. note:: Don't worry about log rotations, mole can handle it.\n\n1. Configure mole\n~~~~~~~~~~~~~~~~~\n\nEdit ``/etc/mole/input.conf``, adding\n\n.. code-block:: ini\n\n [apache_log]\n type = tail\n source = /var/log/apache/access.log\n\nWe are defining a new input called *apache_log*, of type tail (which means\nthat new lines are read as they are written to the file and log rotation is handled),\npointing to our log file at ``/var/log/apache/access.log``.\n\nEdit ``/etc/mole/index.conf``, adding\n\n.. code-block:: ini\n\n [apache_log]\n path = /var/db/mole/apache_log\n\nWe are defining a new index. The index is the mole database where logs will\nbe stored in a proper format, so we can perform faster searches.\n\n2. Start daemons\n~~~~~~~~~~~~~~~~~~~~\n\n.. code-block:: bash\n\n $ mole-indexer -C /etc/mole\n $ mole-seeker -C /etc/mole\n\n3. Enjoy some searches\n~~~~~~~~~~~~~~~~~~~~~~\n\nFor example, get the IP addresses that requested the most traffic\n\n.. 
code-block:: bash\n\n $ mole 'input apache_log | sum bytes by src_ip | top'\n\n\nUnderstanding Mole Components\n-----------------------------\n\nThe mole pipeline is responsible for reading log items from a source,\nprocessing them (and transforming them if required) and, finally, returning an\noutput. If the output is not explicitly defined, mole uses the best output format for\nthe current console (serialization over the network, a plain printf on the console).\n\n.. image:: http://yuml.me/diagram/scruffy;/class/[element]++-0..*%3E[input],%20[element]++-0..*%3E[index],%20[element]++-0..*%3E[parser],%20[index]-%3E[schema]\n :align: center\n\nThere are a few components worth knowing:\n\n**input:** The input is responsible for reading the log source. Sources can\nbe of different kinds, such as normal files, network streams, index files and so\non.\n\n**plotter:** The plotter's main function is to split the source into logical\nlines. In a normal log file, each line is usually a new log entry,\nbut some logs use several lines to define the same\nlogical entry (e.g. Java exceptions usually span a number of lines).\n\n**parser:** Once the logical line is obtained, you need to know the\nmeaning of each field. The parser just assigns names to fields, using regular\nexpressions for that.\n\n**actions:** The actions are transformations, filters and in general any\nother action to perform on the log dataset.\n\n**output:** The output just encapsulates the results of the actions in\na human (or machine) readable form. You can think of the output as some kind of\nserialization.\n\nSo, the final pipeline in mole is something like this::\n\n | | | | ... 
| \n\n\nDaemons\n-------\nMole is composed of three different daemons (for now):\n\n**mole-indexer**: is responsible for reading the log files and indexing them,\n using an index back-end (just whoosh right now).\n\n**mole-seeker**: is the daemon responsible for looking up entries in the index,\n receiving queries over a TCP port.\n\n**mole**: is the client which can query the mole-seeker.\n\nRunning\n-------\nTo start mole, you need to configure the server. There is an example in the\nconfiguration directory of the source code. The configuration directory\nwill contain one file per mole component.\n\nOnce your server is configured, start both mole-indexer and mole-seeker.\n\nFinally, perform your query using mole.\n\nConfiguration\n-------------\nIn the configuration directory, you can find a separate file for each\nmole component, e.g.:\n\n**input.conf** configures inputs. An input is a reader over a file,\n a network stream or anything else that can be used to retrieve data to\n be analyzed.\n\n**index.conf** sets up indexes. The indexes are special stpra\n\nExamples\n--------\nCount the lines of an input (in this case the input is an access_log of an\nApache server)::\n\n $ mole 'input apache_log | count *'\n count(*)=3445\n\nPerform the same query, but grouping by source IP::\n\n $ mole 'input apache_log | count * by src_ip'\n src_ip=127.0.0.1 count=121\n src_ip=192.168.0.21 count=1203\n\nCalculate the average transfer size in the Apache log, sorted by URL, and get\nonly the top three::\n\n $ mole 'input apache_log | avg bytes by path | top 3'\n path=/ avg(bytes)=12343\n path=/login avg(bytes)=6737\n path=/logout avg(bytes)=2128\n\nSearch for an expression and count occurrences::\n\n $ mole 'input apache_log | search path=*login* | count *'\n count(*)=3838\n\n\nDevelopment\n-----------\nThe Mole code is hosted on github_, and you can download it using git, as\nusual::\n\n $ git clone git://github.com/ajdiaz/mole\n\n.. 
_github: http://github.com/ajdiaz/mole\n\n\nDesign\n------\nThe basic design of mole is a linear pipeline which includes the following\ncomponents:\n\n* The *input* is responsible for reading the data source byte by byte (or\n line by line, but it is agnostic to the format).\n\n* The *plotter*, which breaks the input into logical lines. A logical line\n can be a text line or a number of text lines or a binary block.\n\n* The *parser* is responsible for extracting fields from the lines, for example\n using a regular expression or a comma-separated pattern.\n\n* The *actions*, which are a number of transformations over the fields.\n\nInputs can be normal files (or tails of files) or special files called\n\"indexes\". An index contains the raw data plus a time pointer.\n\nBugs, feedback, comments et spam\n---------------------------------\nTo report bugs or enhancement proposals, please use the `github issues tool`_.\nIf you have any suggestions, do not hesitate to contact me.\n\n.. _`github issues tool`: http://github.com/ajdiaz/mole/issues", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://github.com/ajdiaz/mole", "keywords": null, "license": "UNKNOWN", "maintainer": null, "maintainer_email": null, "name": "mole", "package_url": "https://pypi.org/project/mole/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/mole/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://github.com/ajdiaz/mole" }, "release_url": "https://pypi.org/project/mole/0.1/", "requires_dist": null, "requires_python": null, "summary": "A flexible log analyzer and operational intelligence tool.", "version": "0.1" }, "last_serial": 709263, "releases": { "0.1": [ { "comment_text": "built for Linux-3.8.0-22-generic-x86_64-with-glibc2.7", "digests": { "md5": "45ebe95d22ece53890631445870d584f", "sha256": 
"03e34231963d61422d98ef4b8fdc5c935c3d54bfbe49cebbd008b4e383a29272" }, "downloads": -1, "filename": "mole-0.1.linux-x86_64.tar.gz", "has_sig": false, "md5_digest": "45ebe95d22ece53890631445870d584f", "packagetype": "bdist_dumb", "python_version": "any", "requires_python": null, "size": 66372, "upload_time": "2013-05-27T10:40:55", "url": "https://files.pythonhosted.org/packages/d3/b1/efc34303ffc3966ff7368554c11a22f029145a18e657524bfe6ccb137779/mole-0.1.linux-x86_64.tar.gz" }, { "comment_text": "", "digests": { "md5": "546f436b741abbe87804f19ab810faaf", "sha256": "6e6b44d89057dae84683231944bd9c44e18023ee639af4c6280556e61f55b8b8" }, "downloads": -1, "filename": "mole-0.1.tar.gz", "has_sig": false, "md5_digest": "546f436b741abbe87804f19ab810faaf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 29085, "upload_time": "2013-05-27T10:40:50", "url": "https://files.pythonhosted.org/packages/fe/44/085a5a2804378f9093a36e9aa95f31a1b8282cdbef8a25fed062b3225b0b/mole-0.1.tar.gz" } ] }, "urls": [ { "comment_text": "built for Linux-3.8.0-22-generic-x86_64-with-glibc2.7", "digests": { "md5": "45ebe95d22ece53890631445870d584f", "sha256": "03e34231963d61422d98ef4b8fdc5c935c3d54bfbe49cebbd008b4e383a29272" }, "downloads": -1, "filename": "mole-0.1.linux-x86_64.tar.gz", "has_sig": false, "md5_digest": "45ebe95d22ece53890631445870d584f", "packagetype": "bdist_dumb", "python_version": "any", "requires_python": null, "size": 66372, "upload_time": "2013-05-27T10:40:55", "url": "https://files.pythonhosted.org/packages/d3/b1/efc34303ffc3966ff7368554c11a22f029145a18e657524bfe6ccb137779/mole-0.1.linux-x86_64.tar.gz" }, { "comment_text": "", "digests": { "md5": "546f436b741abbe87804f19ab810faaf", "sha256": "6e6b44d89057dae84683231944bd9c44e18023ee639af4c6280556e61f55b8b8" }, "downloads": -1, "filename": "mole-0.1.tar.gz", "has_sig": false, "md5_digest": "546f436b741abbe87804f19ab810faaf", "packagetype": "sdist", "python_version": "source", "requires_python": 
null, "size": 29085, "upload_time": "2013-05-27T10:40:50", "url": "https://files.pythonhosted.org/packages/fe/44/085a5a2804378f9093a36e9aa95f31a1b8282cdbef8a25fed062b3225b0b/mole-0.1.tar.gz" } ] }