Glossary

Definitions of particular terms used in Lire.

DLF

See Distilled Log Format.

Distilled Log Format

Example 1. DNS DLF Excerpts





    1010912574 10.0.0.2 121.68.134.195.in-addr.arpa PTR recurs
    1010912574 10.0.0.2 121.68.134.195.in-addr.arpa PTR recurs
    1010912592 10.0.0.2 120.67.123.212.in-addr.arpa PTR recurs
    1010912600 10.0.0.2 207.7.178.212.in-addr.arpa PTR recurs
    1010912600 10.0.0.2 tr16.kennisnet.nl A recurs
    1010912616 10.0.0.2 120.67.123.212.in-addr.arpa PTR recurs
    1010912630 10.0.0.2 207.7.178.212.rbl.maps.vix.com ANY recurs
    1010912630 10.0.0.2 NLnet.nl ANY recurs

This is the generic log format used by Lire to normalise the log files from different products.

Currently, this normalised log is a simple ASCII format where each event is represented by one line. The information about the event is represented by fields separated by spaces. All non-printable ASCII characters are replaced by ?. Spaces in a field's value are replaced by _ (an underscore). Each line must have the same number of fields. A DLF file doesn't contain any header information. Example 1 shows an excerpt of a DNS DLF file.

See Also Superservice, DLF Schema.
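
The escaping and field-count rules above, as an added Python sketch (not Lire's own code or API): it shows that a value containing a space or a newline still yields exactly one field on one line, and that a reader can reject lines whose field count differs. The function names are this example's own; replacing non-ASCII characters with ? and rejecting empty values are assumptions the glossary does not state.

```python
import string

# Printable, non-whitespace ASCII; anything else is written as "?".
_PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation)


def dlf_escape(value):
    """Escape one field value: space -> "_", non-printable -> "?"."""
    if value == "":
        # Assumption of this example: an empty value would silently
        # change the field count, so refuse it instead of writing it.
        raise ValueError("empty field value")
    out = []
    for ch in value:
        if ch == " ":
            out.append("_")
        elif ch in _PRINTABLE:
            out.append(ch)
        else:
            out.append("?")  # control characters; non-ASCII too (assumption)
    return "".join(out)


def dlf_line(values):
    """Join escaped field values into one DLF line (no trailing newline)."""
    return " ".join(dlf_escape(str(v)) for v in values)


def parse_dlf(text, field_count):
    """Split DLF text into records; every line must have field_count fields."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(" ")
        if len(fields) != field_count or "" in fields:
            raise ValueError(
                f"line {lineno}: expected {field_count} fields, got {len(fields)}"
            )
        records.append(fields)
    return records


# Constructed sample: two lines in the shape of Example 1.
SAMPLE = (
    "1010912574 10.0.0.2 121.68.134.195.in-addr.arpa PTR recurs\n"
    "1010912630 10.0.0.2 NLnet.nl ANY recurs\n"
)

if __name__ == "__main__":
    print(dlf_line([1010912700, "10.0.0.2", "host name\nx", "A", "recurs"]))
    print(parse_dlf(SAMPLE, 5))
```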

DLF Schema

Information about the order of the fields in a DLF file, their types and what they represent is specified in the DLF's schema. Schemas are defined in XML files using the Lire DLF Schema Markup Language (LDSML). Lire offers an API (only in Perl for now) to programmatically access the information of a schema.

Log files of many different products can share a common DLF schema that makes Lire's reports easily comparable.

Report

A report is what is generated by Lire. It consists of several subreports. Those subreports can be grouped into sections. The report is computed from the DLF file (and not the native log file) based on a configuration file which describes the subreports that make up the final report along with their parameters. (Consult the Lire User's Manual section Customizing Lire for more information.)

Service

Put simply, a service is a specific application that produces log files. It is usually the case that one application will be equivalent to one service. For example, the mysql service is used to process MySQL's log files.

But more precisely, a service is a specific log format. For example, the common service can be used for all web servers that support the Common Log Format. Similarly, the welf service can be used to process firewall log files written using WebTrends Enhanced Log Format.

In order to generate a report on it, the native log will be converted to the appropriate superservice's DLF schema.

Subreport

A subreport is a particular view on the DLF log's data. Subreports are defined in XML files using the Lire Report Specification Markup Language (LRSML). (Although it defines subreports, it is called a Report Specification because a report is made up out of several subreports.) An example of a subreport would be Requests by Hours of the Day.

Subreports are defined for a particular DLF schema.

Superservice

A superservice is a collection of services that share the same DLF schema and report. It is used to group together applications (services) that offer the same kind of functionality.

Lire currently supports eight superservices: database, dns, email, firewall, ftp, print, proxy, and www.