{"id":396,"date":"2015-05-11T05:45:14","date_gmt":"2015-05-11T05:45:14","guid":{"rendered":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=396"},"modified":"2017-12-08T10:49:36","modified_gmt":"2017-12-08T10:49:36","slug":"the-binfile-module","status":"publish","type":"page","link":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=396","title":{"rendered":"The binfile module"},"content":{"rendered":"<p>The <code>binfile<\/code> module is very similar to the <a title=\"The textfile module\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=87\"><code>textfile<\/code>\u00a0module<\/a>. \u00a0It reads data from a binary file instead of a text file, and returns blocks of raw data instead of text lines. \u00a0It can read data from text files,\u00a0\u00a0from Unix pipes and from Unix (<code>AF_UNIX<\/code>) TCP sockets.<\/p>\n<p>The <code>binfile<\/code> module is\u00a0 an <a title=\"Input modules\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=126\">input module<\/a>, meaning that its purpose is to read data from some sources, and convert it to Orchids events.\u00a0 The sources\u00a0 should be declared in the <a title=\"orchids-inputs.conf\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=145\"><code>orchids-inputs.conf<\/code><\/a> file, by directives such as:<\/p>\n<pre>INPUT binfile \/var\/log\/bsm\/current<\/pre>\n<p>Admissible sources are regular files, Posix pipes and Unix (<code>AF_UNIX<\/code>) TCP sockets (<code>SOCK_STREAM<\/code>).<\/p>\n<p>Internet (<code>AF_INET<\/code>) sockets are not handled, and should be dealt with using the <a title=\"The udp module\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=171\"><code>udp<\/code><\/a> module.\u00a0 Unix UDP sockets (<code>SOCK_DGRAM<\/code>) should be dealt with using the <a title=\"The sockunix module\" 
href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=210\"><code>sockunix<\/code><\/a> module.<\/p>\n<p>The <code>binfile<\/code> module reads from these sources and produces Orchids events, one per block of data.\u00a0 The size of each block is currently hard-coded (to 1024 bytes). \u00a0Actual blocks may be smaller. \u00a0The contents of each block will then be found in the <code>.binfile.block<\/code>\u00a0field of the event.\u00a0 The name of the source, as given in the <a title=\"orchids-inputs.conf\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=145\"><code>orchids-inputs.conf<\/code><\/a> file, will be in <code>.binfile.file<\/code>.<\/p>\n<h3>Configuration options<\/h3>\n<p><code>&lt;module binfile&gt;<\/code><\/p>\n<ul>\n<li><code>PollPeriod<\/code> <em>secs<\/em>: instructs Orchids that it should poll files read by the <em>binfile<\/em> module every <em>secs<\/em> seconds. There is no way to specify a polling period of less than 1 second. This takes precedence over the general <a href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=68\"><code>PollPeriod<\/code><\/a> directive.<\/li>\n<li><code>ProcessAll<\/code> <em>n<\/em>: if <em>n<\/em> is non-zero, read all lines from the start of the file. This only applies to files, not pipes or Unix TCP sockets, and is meant to analyze log files, offline. The default behavior (<em>n<\/em>=0) is to read only lines added after Orchids started, through polling.<\/li>\n<li><code>ExitAfterProcessAll<\/code> <em>n<\/em>: if <em>n<\/em> is non-zero, shut down Orchids after the end of file has been reached. On pipes and sockets, this will cause Orchids to shut down when the pipe or socket is closed. This is meant to analyze a single log file, offline. If several input sources are specified, Orchids will exit even if events are still pending from the other sources. 
The default behavior (<em>n<\/em>=0) is to continue polling, waiting for extra data, once the end of file has been reached.<\/li>\n<\/ul>\n<p><code>&lt;\/module&gt;<\/code><\/p>\n<p>The <code>binfile<\/code> module also understands options named <code>INPUT<\/code> and <code>AddInputFile<\/code>.\u00a0 They are synonyms: each takes a file, pipe or Unix socket name as argument, which it opens and uses as input to the <code>binfile<\/code> module.\u00a0 They should <em>not<\/em> be used inside the <code>binfile<\/code> module configuration file.\u00a0 Instead, input should be specified in the <a title=\"orchids-inputs.conf\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=145\"><code>orchids-inputs.conf<\/code><\/a> file.<\/p>\n<h3>Fields<\/h3>\n<p>The last field is <code>.binfile.block<\/code>, available for further dissection; the dissection key is <code>.binfile.file<\/code>.<\/p>\n<table style=\"border: solid 1px black;\">\n<tbody>\n<tr style=\"background-color: lightsteelblue;\">\n<th>Field<\/th>\n<th><a title=\"Types\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=98\">Type<\/a><\/th>\n<th><a href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=719\">Mono<\/a>?<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/tbody>\n<tbody>\n<tr style=\"background-color: lightgrey;\">\n<td><code>.binfile.file<\/code><\/td>\n<td><code>str<\/code><\/td>\n<td><\/td>\n<td>source file name<\/td>\n<\/tr>\n<tr style=\"background-color: white;\">\n<td><code>.binfile.block<\/code><\/td>\n<td><code>bstr<\/code><\/td>\n<td><\/td>\n<td>current data block<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The binfile module is very similar to the textfile\u00a0module. \u00a0It reads data from a binary file instead of a text file, and returns blocks of raw data instead of text lines. 
\u00a0It can read data from text files,\u00a0\u00a0from Unix pipes and from Unix (AF_UNIX) TCP sockets. The binfile module is\u00a0 an input module, meaning that &hellip; <a href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=396\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">The binfile module<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-396","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=396"}],"version-history":[{"count":6,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/396\/revisions"}],"predecessor-version":[{"id":725,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/396\/revisions\/725"}],"wp:attachment":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}