Sarawak: How it Works

This page references files found in the base Sarawak directory. By default, this directory is /usr/local/sycamore, but you might have changed this upon install.

To make this tutorial a little easier to follow, let's create an environment variable to designate this directory. This assumes you use the bash shell.

  export DOG=/usr/local/sycamore

Change into the examples sub-directory found in the base Sarawak directory.

  cd $DOG/examples
  ls -l

In this directory, you will see many different examples. The following discusses these examples:

The Basics of Sarawak

Example 1: The Server

This example shows how the server process operates and introduces the idea behind the indexing of the log entries. This example will add a few hundred test log entries to the database.

Click here for Example 1

If you want to skip this example, you must at least do the following for the remaining examples to work correctly.

  cd $DOG/examples/example_1
  ./purge_database.pl
  cat data.log | ./server.pl 

Example 2: Generic SQL

Example 2 demonstrates the use of the SQL modules to simplify the process of searching for log entries.

Example 2A shows the use of the generic SQL query

Example 2B demonstrates the use of the "type-specific" query

Example 3: IP, MAC and Username objects

Example 3 demonstrates the concept of the Sarawak::Item object. An Item is either an IP address, a MAC address or a Username. Some logs allow you to relate any two of these items. For example, the DHCP logs allow you to map a MAC address to an IP number. These examples show how Sarawak can be used to draw these conclusions.

Example 3A shows the conversion of an IP address to a MAC address

Example 3B shows the conversion of a Username to an IP address

Example 4: Reports

Reports perform many correlations between Item objects.

Example 4 gives two examples of using Sarawak::Report objects.

Example 5: CGI

Sarawak abstracts much of the code required for CGI scripts. Example 5 illustrates the steps one would take to implement a CGI script using the Sarawak::CGI::Simple object.

Example 5 Sarawak::CGI::Simple

Extending Sarawak

Example 6: Adding primitive logs

Sarawak can be extended in many ways. This example introduces the idea of "primitive" logs and demonstrates how you can add primitive logs to Sarawak.

Example 6 primitive logs

Example 7: Adding composite logs

This example shows how to add "composite" logs to Sarawak.

Example 7 composite logs