XQuery lets you mine log files to reveal trends, to find security holes and to allocate resources appropriately to match system usage needs. The log files do not have to be in XML format; the XQuery language is defined on an abstract XML data model. Therefore, you can map just about any data source to that data model. So even if the log file uses a delimited or fixed-field text format or a binary data format, an XML server may be capable of applying XQuery queries to it. Here's an example that queries a log file to find clients making more than an average number of connections to a server.
let $log := collection("logs")
let $logCount := count($log//logEntry)
let $hosts := distinct-values($log//host)
let $avg := $logCount div count($hosts)
for $host in $hosts
where count($log//host) > $avg
order by count($log//host)
return $host
The XQuery language is defined on an abstract XML data model. You can map just about any data source to that data model.
|
|
The preceding query returns a sorted list of hosts with more than an average number of connections—the high load clients. While it may take a bit of log file study to create the first query for this poor man's log auditor, it is extremely easy to build. Of course, having built this simple log auditor, you can also modify and extend it to turn it into a cost reduction tool—for example, one that looks for usage patterns to bill the Marketing department more for hogging the Web conferencing server, or one to identify systems that aren't being used. Analyzing logs will continue to get easier as more and more application vendors use XML to structure their log files—something that's increasingly common.
Previous Page: Introduction
