>>> On 5/14/2007 at 4:51 AM, Giacomo Fazio <[EMAIL PROTECTED]> wrote:
> Hi Crist,
> 
> I modified the script to read the new format of the log file.
> It works fine.
> 
> But if it receives a big number of alerts in a little time, it is not
> able to compute all the alerts.....
> 
> Is it better to translate it to C?

I'm not exactly sure what your script does, so I'll
just kind of have to go on the scanalert.pl from
spitzner.net.

I'm not sure that translating it to C is going to
buy you much. The problem I see is that the firewall
will spawn a new invocation of the script for each
alert. The script is definitely not written to deal
with a new invocation starting up before the previous
one has finished. The scripts read from and write to
various log files. The next invocation might read info
from the files before the previous has finished writing.
It is even possible for a later invocation to write
something an earlier one really shouldn't see.

Just translating the script into C doesn't really
address the basic flaw. You may need more alerts or
more closely spaced alerts, but it is still possible
to have problems since reading and writing from the
disk is probably the bottleneck for either the script
or compiled program.

What might be a better way to handle this is to break
the script into two parts. You can turn the script into
a persistent daemon. A small client script is what the
firewall actually sends the alerts through (I'd put
all of the code in one script and just have it behave
as the daemon or client depending on the command line
arguments). It then hands the message to the daemon.
You still could get alerts out of order, but you can
ensure that the database (the files it writes to) is
in a consistent state during the processing of each alert.
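
The daemon/client split described in the reply above, as an added example that is not part of the original message or of scanalert.pl, and is written in Python rather than Perl. The socket path, the JSON state file, the first field of an alert being its source, and the alert arriving on stdin are all assumptions made for illustration.

```python
#!/usr/bin/env python3
"""alertd.py: one script, run as 'daemon' or as the per-alert client (added example)."""
import json, os, socket, sys

SOCK = "/tmp/alertd.sock"       # assumed path, not from the original script
DB = "/tmp/alertd-counts.json"  # assumed state file: {source: alert count}

def bind(sock_path):
    """Create the daemon's datagram socket; one datagram carries one alert."""
    if os.path.exists(sock_path):
        os.unlink(sock_path)            # clear a stale socket from a previous run
    old = os.umask(0o177)               # socket file usable by its owner only
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        srv.bind(sock_path)
    finally:
        os.umask(old)
    return srv

def handle(db_path, alert):
    """Read-modify-write the state file for ONE alert, then publish atomically."""
    counts = {}
    if os.path.exists(db_path):
        with open(db_path) as f:
            counts = json.load(f)
    fields = alert.split()
    src = fields[0] if fields else "unknown"   # assumed: first field is the source
    counts[src] = counts.get(src, 0) + 1
    tmp = db_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(counts, f)
    os.replace(tmp, db_path)            # readers never see a half-written file
    return counts[src]

def serve(srv, db_path, limit=None):
    """Process alerts strictly one at a time; 'limit' lets a test stop the loop."""
    done = 0
    while limit is None or done < limit:
        handle(db_path, srv.recv(65535).decode("utf-8", "replace"))
        done += 1
    return done

def send_alert(sock_path, alert):
    """Client side: what the firewall runs per alert; it only hands the text off."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as c:
        c.sendto(alert.encode(), sock_path)

if __name__ == "__main__":
    if sys.argv[1:] == ["daemon"]:
        serve(bind(SOCK), DB)
    else:
        send_alert(SOCK, sys.stdin.read())  # assumed: alert text arrives on stdin
```

Because only the daemon ever touches the state file, overlapping client invocations can no longer interleave their reads and writes; they can still arrive out of order, as the reply notes.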
