Re: asl_search


  • Subject: Re: asl_search
  • From: Marc Majka <email@hidden>
  • Date: Thu, 02 Jul 2009 11:12:14 -0700

What OS version are you using?  There are some significant changes in the ASL implementation between OS versions.  You may be running into a performance problem that is fixed in a more recent release.  I would expect the asl_search() call on a Tiger or early Leopard system to be slow.  There's a big change in ASL in Mac OS X 10.5.6 that should improve the performance of asl_search().

The /etc/asl.conf file is a configuration file for the syslogd system daemon.  The "store" option tells syslogd to direct a stream of messages into a separate file.  For example, if the file contained:

Q [= Sender Value] store /var/log/Value.asl

Then any message received by syslogd that had "Value" as the value for the "Sender" key would be saved in the file /var/log/Value.asl.

You could read the file from the command line with:

syslog -f /var/log/Value.asl

However, the asl(3) API does not provide a way for you to open and read that file from your code.

--
Marc Majka

On 2 Jul, 2009, at 08:31, Santosh Sinha wrote:

Hi,

I have a large volume of log messages in asl. My problem is that it takes a long time to search them.  Here is the code which I am using to fetch the messages from the asl log:

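#include <asl.h>
#include <stddef.h>

int main(void)
{
    aslmsg q, m;
    aslresponse r;
    const char *key, *val;
    uint32_t i;
    /* Query for messages whose Sender key equals "Value". */
    q = asl_new(ASL_TYPE_QUERY);
    asl_set_query(q, ASL_KEY_SENDER, "Value", ASL_QUERY_OP_EQUAL);
    r = asl_search(NULL, q);
    /* Visit every matching message and each key/value pair in it. */
    while (NULL != (m = aslresponse_next(r)))
    {
        for (i = 0; (NULL != (key = asl_key(m, i))); i++)
        {
            val = asl_get(m, key);
            /* ... */
        }
    }
    aslresponse_free(r);
    asl_free(q);
    return 0;
}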

I found an asl.conf file to optimize this search process, which says:
  The "store" action saves matching messages in a separate log message database.  The database may be
  accessed using the syslog command line utility.  A database pathname must follow the "store" keyword.
  A new database will be created if one does not exist.  Two optional parameters, "stayopen" and
  "exclude_asldb" may follow the database pathname.
  By default, syslogd will open the database, save a matching message, and then close the database.  If a
  high volume of messages is expected, specifying "stayopen" will improve performance.

  Specifying "exclude_asldb" will cause syslogd to save matching messages in the database, but exclude
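
The "store" rule from the reply above, modeled as an added example (it is not syslogd's code and not part of the original thread): it parses the `Q [= Sender Value] store ...` line and decides which constructed messages would be saved to the separate file. It assumes `=` is an exact, case-sensitive match and handles only the operator and action shown on the page; the struct and function names are hypothetical.

```c
/* Added example: a model of one asl.conf "store" rule, not syslogd's code. */
#include <stdio.h>
#include <string.h>

struct store_rule { char key[64], val[64], path[256]; };   /* hypothetical */
struct kv { const char *key, *val; };                      /* one message field */

/* Parse "Q [= KEY VALUE] store PATH". Returns 0 on success, -1 on anything
 * else. Only the "=" operator and "store" action shown on the page are
 * accepted; optional parameters after the path are ignored by this model. */
int parse_store_rule(const char *line, struct store_rule *r)
{
    char op[4], action[16];
    int n = sscanf(line, " Q [%3s %63s %63[^]]] %15s %255s",
                   op, r->key, r->val, action, r->path);
    if (n != 5 || strcmp(op, "=") != 0 || strcmp(action, "store") != 0)
        return -1;
    return 0;
}

/* Assumption: "=" is an exact, case-sensitive comparison on one key.
 * A message that lacks the key never matches. */
int rule_matches(const struct store_rule *r, const struct kv *msg, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(msg[i].key, r->key) == 0)
            return strcmp(msg[i].val, r->val) == 0;
    return 0;
}

/* Constructed sample messages; returns how many the rule would store. */
int count_stored(const char *rule_line)
{
    static const struct kv m1[] = { {"Sender", "Value"}, {"Message", "started"} };
    static const struct kv m2[] = { {"Sender", "kernel"}, {"Message", "Value"} };
    static const struct kv m3[] = { {"Message", "no sender key"} };
    struct store_rule r;
    if (parse_store_rule(rule_line, &r) != 0)
        return -1;                        /* malformed or unsupported rule */
    return rule_matches(&r, m1, 2) + rule_matches(&r, m2, 2)
         + rule_matches(&r, m3, 1);
}

int main(void)
{
    printf("%d\n", count_stored("Q [= Sender Value] store /var/log/Value.asl"));
    return 0;
}
```

Only the first constructed message is selected: the second has "Value" in its Message field rather than Sender, and the third has no Sender key at all.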