Provided by: petit_1.1.1-1_all bug

NAME
       petit - log analysis tool for systems administrators


SYNOPSIS
       petit [OPTION] [FILE]


DESCRIPTION
       petit  was developed to quickly analyze syslog and Apache log files in large environments.
       It can also be used for word discovery within log data. It is a general purpose tool  that
       can  do  hashing, word counts, and command line graphing of Apache and syslog files. It is
       designed to be a standard Unix tool that can be employed with pipes or by  opening  files.
       Petit  works  by  sifting  data  with  standard patterns and allows for custom filters and
       fingerprints. This leaves the analyst with data that is both varied and interesting.

       FILE can be Syslog, Apache Access, Apache Error, Snort or Raw log files. Petit can also be
       used to analyze any type of file as a Raw log file, but since time/date is not understood,
       they cannot be graphed.


OPTIONS
       -h, --help
              Displays simple usage message

       -v, --verbose
              Adds verbose output to any function

       --sample
              Sample any line for which there are 3 or less entries found

       --allsample
              Show samples for all lines found

       --filter
              Force filter files to be used during  processing  because  some  functions  do  not
              filter by default.

       --nofilter
              Force  filter  files  to  be  skipped  during  processing.  This  will work for any
              function.

       --wide Make graphing wider for bigger screens

       --tick="%"
              Change tick character from default of "#". This can be any single character.

       --finterprint
              Use fingerprinting to remove certain patterns from analysis. By default this is off
              for  most  or  all  functions.  This is a safety feature to prevent an analyst from
              removing data without using an explicit switch.

       -V, --version
              Display the version of petit and exit

       --hash This is one of the most basic functions  of  petit.  This  function  tallies  lines
              found.  Each  output line displays the number of similar lines found in the log and
              what the group generally looked like. If filtering  is  used  in  conjunction  with
              hashing  then  numbers  and  patterns  which  are commonly found and not profoundly
              necessary are  removed  from  the  input  stream.  This  leaves  the  analyst  with
              approximate  log  entries  as  opposed  to  actual  log entries. This is useful for
              analyzing large log sets commonly found in clusters/pools of servers.

       --wordcount
              Word counting is essentially like hashing except  that  data  is  grouped  by  word
              instead  of  line. A custom stopwords list is used to filter out common words found
              in the english language. A  common  use  case  for  this  function  would  be  word
              discovery.  When  used in connection with grep or swatch, word counting can be used
              to enumarate all of the words found in a log file which have similar meanings, such
              as "error, can't, fail, reject", etc.

              This  is extremely useful for giving confidence when building white lists and black
              lists. These lists can then be used for daily reporting  or  graphing  for  anamoly
              detection.

       --daemon
              Gives a simple report of lines produced, keyed by the daemon that produced them

       --host Gives  a  simple  report  of  lines produced, keyed by the host that produced them.
              This can be useful for analyzing machines in a cluster dedicated to the same  task.
              If  one machine is producing too much or too little log output there is generally a
              problem.


GRAPHS
       Graphs are displayed with the following information to help analyze the log file

       --sgraph
              Show a graph of first 60 seconds of the log file

       --mgraph
              Show a graph of first 60 minutes of the log file

       --hgraph
              Show a graph of first 24 hours of the log file

       --dgraph
              Show a graph of first 31 days of the log file

       --mograph
              Show a graph of first 12 months of the log file

       --ygraph
              Show a graph of first 10 years. 10  years  was  chosen  arbitrarily  and  could  be
              changed in the code if more time is needed.


FILES
       /var/lib/petit/fingerprint_library
              Fingerprint  library  which can be used to construct custom fingerprint files. They
              are in the  same  format  as  petit's  output  so  it  is  easy  to  construct  new
              fingerprints.

       /var/lib/petit/fingerprints
              Aggregate  fingerprint  files  which  can  be  used to filter out reboots and other
              events which the administrator does not care to see

       /var/lib/petit/filters/
              Each function has a separate list of words and patterns  which  are  removed.  Each
              list  is stored in a designated file and specified with standard regular expression
              format.


AUTHOR
       Written by Scott McCarty, see the AUTHORS file


COPYRIGHT
       This program is licensed under the GNU  General  Public  License,  see  the  file  COPYING
       included in the distribution archive.