Perl Project

Microsoft Event Log Analysis

Due Friday February 23, 2007

 

I have made available a file of the event log of System Events (System Log) from a Windows 2000 computer.  You can read about the content of these logs here.

 

The event log file consists of tab-delimited columns of data.  The columns are:

 

Date Time Source Type    Category  EventID   User Computer  Description

 

 

Your assignment is to write a Perl program to analyze the records in the event log and report the following findings:

 

1) Count all events of type Error, maintaining separate counts by EventID, and report the Error EventIDs in order from most frequent to least frequent.  Under a heading of "ERRORS", show a line for each EventID, and report the count of the Error events, the EventID, and the Description of the Event.  Shorten the description of the event to the first 50 characters.

 

2) Report the frequency of Events, of all types, by hour of the day. Use a 24-hour time system, and accumulate counts over all data on record.  Under a heading of "EVENTS BY HOUR", show a line for each hour from 0 through 23, with accumulated event counts for each hour.

 

3) Report the frequency of DHCP errors by day of week.  Count DHCP Errors only (not warnings or other types), and accumulate frequencies by day of the week. 

To easily convert a date into a day of the week, use the Perl module Date-Day.  This module is now installed on the Unix machines.  To access this module be sure to use the "shebang" line as in the following sample code, which will also show you how to use the module:

 

#!/usr/local/perl5.8.6/bin/perl

use Date::Day;

print "April 8, 1980 was on ",&day(4,8,1980),"\n\n";

print "February 12, 2007 is on ",&day(2,12,2007),"\n";

 

If you want to download and install this module on your own machine, you can find the code and the directions on CPAN.  You will find directions for installing a module in the perldoc that was probably installed when you installed Perl.  Open a cmd window and issue the command:

 

C:\PLC\Perl>perldoc perlmodinstall

 

4) Count all the events (of any type) that have "Hotfix" in the Description.  Organize your count of Hotfixes by source, and report the counts of "HOTFIXES" by source, with the most frequently updated source first.  You need not display the description itself of the event.

 

5) Report computers on the network that at one time or another believed they were the Browse Master.  List these computers in alphabetical order (case-insensitive).  Microsoft computers on a network maintain a "Browse Service" where one computer, the Browse Master, keeps a list of shared resources.  Other computers on the network can look to the Browse Master to locate resources (servers, etc.).  You can read about the service here. 

 

EventID 8003 reports that, "The master browser has received a server announcement from the computer <computer_name> that believes that it is the master browser for the domain..."  Your task is to find all such <computer_name>s, and report them in alphabetical order, without duplications.

 

Details:

 

Your script should be named event_log_report.pl.  To run the script, the user should supply in the command line the name of the event log file to analyze, and the name of the file to be created for the report.  Do not hard-code the name of the event log file, or the name of the report file.  If the user does not provide a file name for the report, the report should go to standard output, but remember that your script must offer output to a file named in the command line.

 

Usage: event_log_report.pl <event_log_file> <report_file>

 

I urge you to build your script one activity at a time.  Get each piece working before coding the next. 

 

Since event log files can be large, you should read the event log file one line at a time, rather than read the entire file into an array.  I will be checking to see that you use this approach.
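
An added example, not part of the original assignment: it shows the line-at-a-time read described above, applied to the per-EventID error counts of activity 1, the hourly counts of activity 2 and the EventID 8003 computer names of activity 5. The sample records, the M/D/YYYY date and 12-hour AM/PM time formats, the sub name analyze and the "BROWSE MASTER CLAIMS" heading are assumptions, not taken from the course log file.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records, used only when no log file is named.
# Assumed (not stated on the page): M/D/YYYY dates and 12-hour AM/PM times.
my $ann = 'The master browser has received a server announcement from the computer';
my $sample =
    "2/12/2007\t12:05:10 AM\tDhcp\tError\tNone\t1002\tN/A\tHOSTA\tConstructed DHCP error\n"
  . "2/12/2007\t3:15:02 PM\tBROWSER\tError\tNone\t8003\tN/A\tHOSTA\t$ann LAB7 that believes that it is the master browser\n"
  . "2/13/2007\t3:40:00 PM\tBROWSER\tError\tNone\t8003\tN/A\tHOSTA\t$ann lab7 that believes that it is the master browser\n"
  . "2/13/2007\t15:59:59\tBROWSER\tError\tNone\t8003\tN/A\tHOSTA\t$ann ADMIN2 that believes that it is the master browser\n";

# Reads records from an open filehandle one line at a time (hypothetical helper).
sub analyze {
    my ($fh) = @_;
    my (%errors, %masters);
    my @by_hour = (0) x 24;
    while (my $line = <$fh>) {                  # only one record in memory
        $line =~ s/\r?\n\z//;                   # tolerate CRLF line endings
        my ($date, $time, $src, $type, $cat, $id, $user, $host, $desc)
            = split /\t/, $line, 9;             # limit 9 keeps tabs in Description
        next unless defined $desc && $id =~ /^\d+\z/;   # header or malformed line
        if (my ($h, $ampm) = $time =~ /^(\d{1,2}):\d\d(?::\d\d)?\s*([AP]M)?/i) {
            if (defined $ampm) { $h %= 12; $h += 12 if uc $ampm eq 'PM'; }
            $by_hour[$h]++ if $h < 24;
        }
        $errors{$id}++ if $type eq 'Error';
        # Key on the lower-cased name so LAB7 and lab7 count as one computer.
        $masters{lc $1} ||= $1
            if $id == 8003 && $desc =~ /from the computer (\S+) that believes/;
    }
    return (\%errors, \@by_hour, [ sort { lc $a cmp lc $b } values %masters ]);
}

# Three-argument open treats the user-supplied names as plain file names only.
my ($log, $report) = @ARGV;
my ($in, $out);
if (defined $log) { open $in, '<', $log or die "Cannot read $log: $!\n" }
else              { open $in, '<', \$sample or die "Cannot open sample: $!\n" }
if (defined $report) { open $out, '>', $report or die "Cannot write $report: $!\n" }
else                 { $out = \*STDOUT }

my ($errors, $by_hour, $masters) = analyze($in);
print {$out} "ERRORS\n";
printf {$out} "%6d  %s\n", $errors->{$_}, $_
    for sort { $errors->{$b} <=> $errors->{$a} || $a <=> $b } keys %$errors;
print {$out} "EVENTS BY HOUR\n";
printf {$out} "%2d  %d\n", $_, $by_hour->[$_] for 0 .. 23;
print {$out} "BROWSE MASTER CLAIMS\n", map { "$_\n" } @$masters;
```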

 

 

Grading:

 

Activity 1: 20 points

Activity 2: 20 points

Activity 3: 20 points

Activity 4: 20 points

Activity 5: 20 points

 

Neatness counts!  Your report should be easy to read.  I may deduct points if your report, or your Perl code, is difficult to follow.