#! /usr/bin/perl -w

# vim:syntax=perl

use strict;

use lib '/usr/local/share/perl5';

use Lire::Program qw( :msg $PROG );
use Lire::DlfSchema;
use Lire::AsciiDlf::DlfInfo;
use Lire::DataTypes qw( :time );
use Getopt::Long;
use POSIX qw( strftime );


my ( $superservice, $dlf_file ) = @ARGV;
lr_err( "Usage: $PROG <superservice> <dlf_file>\n" )
  unless @ARGV == 2;

my $schema = eval {Lire::DlfSchema::load_schema( $superservice );};
lr_err( "$PROG: error loading schema : $@" ) if $@;

lr_info( "analyzing DLF $dlf_file" );
open ( DLF, $dlf_file ) 
  or lr_err( "can't open DLF file: $dlf_file: $!\n" );

my $info = eval { new Lire::AsciiDlf::DlfInfo( $schema, \*DLF ) };
lr_err( $@ ) if $@;

my $time = $schema->timestamp_field;
print "Analysis of $superservice DLF ($dlf_file)\n";
print "Records: ", $info->record_count, "\n";
if ( $info->is_field_available( $time->name ) ) {
    print "Starts:  ", strftime( "%Y-%m-%d %H:%M:%S", 
				 localtime $info->start_time ), "\n";
    print "Ends:    ", strftime( "%Y-%m-%d %H:%M:%S", 
				 localtime $info->end_time ), "\n";

}
print "\n";

printf "%-20s %-10s %-10s %-10s\n", "Field", "Type", "Key count", "Key ratio";
foreach my $f ( $schema->fields ) {
    if ( $info->is_field_available( $f->name ) ) {
	my $count = $info->field_keys( $f->name );
	printf "%-20s %-10s %10s %10.2f%%\n", $f->name, $f->type, $count, 
	  ($count / $info->record_count) * 100;
    } else {
	printf "%-20s %-10s Field is not available\n", $f->name, $f->type;
    }
}

__END__

=pod

=head1 NAME

lr_dlf_analyze - print information about a DLF file

=head1 SYNOPSIS 

B<lr_dlf_analyze> I<superservice> I<dlf_file>

=head1 DESCRIPTION

B<lr_dlf_analyze> is a tool for Lire developers.  It is a command line 
interface to the Lire::AsciiDlf::DlfInfo module which reads DLF file and
compute some infos on it.

=head1 EXAMPLE

Example output:

 [francis@Arendt tests]$ lr_dlf_analyze www cisco.dlf > stats
all all UNSET lr_dlf_analyze info started with firewall /home/francis/tests/lire-unstable/cisco.dlf
all all UNSET lr_dlf_analyze info analyzing DLF /home/francis/tests/lire-unstable/cisco.dlf
all all UNSET lr_dlf_analyze info memory stats: vsize=6388K rss=4996K majflt=412all all UNSET lr_dlf_analyze info elapsed time in seconds real=23 user=23.53 system=0.16
all all UNSET lr_dlf_analyze info stopped
 
 [francis@Arendt tests] cat stats
Analysis of firewall DLF (/home/francis/tests/lire-unstable/cisco.dlf)
Records: 231816
Starts:  2001-09-01 00:00:29
Ends:    2002-08-31 23:59:55

Field                Type       Key count  Key ratio 
time                 timestamp      231816     100.00%
action               string              1       0.00%
protocol             string              2       0.00%
from_ip              ip              48315      20.84%
from_port            port            48102      20.75%
from_host            hostname   Field is not available
rcv_intf             string              1       0.00%
rcv_hwaddr           string              1       0.00%
to_ip                ip                257       0.11%
to_port              port              177       0.08%
to_host              hostname   Field is not available
snt_intf             string     Field is not available
length               bytes      Field is not available
rule                 string              1       0.00%
msg                  string     Field is not available
count                int            231816     100.00%

=head1 VERSION

$Id: lr_dlf_analyze.in,v 1.4 2002/03/15 15:26:05 flacoste Exp $

=head1 COPYRIGHT

Copyright (C) 2001-2002 Stichting LogReport Foundation LogReport@LogReport.org
 
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
 
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html or write to the Free Software 
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111, USA.

=head1 AUTHOR

Francis J. Lacoste <flacoste@logreport.org>

=cut

# Local Variables:
# mode: cperl
# End:

