Saturday, March 7, 2009

Fun with logfiles, compliments of Mandiant

"Fun" may be an overstatement, but how about "less pain with logfiles"? Yeah, that works. If you spend much time wading through logs or other big, ugly text files, you are probably familiar with grep, and grep is great, especially if you know what you are looking for. If you know what you aren't looking for, and don't know what you are looking for, grep is not so handy. Sure, you can -v to exclude things, but it gets ugly in a hurry. Enter Mandiant's Highlighter, a free utility for Windows, described by Mandiant as:

"Highlighter is a free utility designed primarily for security analysts and system administrators. Highlighter provides a user with three views of the log or text file being analyzed:

  • a text view that allows users to highlight interesting keywords and remove lines with “known good” content
  • a graphical, full-content view that shows all content and the full structure of the file, rendered as an image that is dynamically editable through the user interface
  • a histogram view that displays patterns in the file over time. Usage patterns become visually apparent and provide the examiner with useful metadata that is not available in other text viewers/editors."

Load up a file, find a snip on a line you don't want to see, select it, right-click and select remove, and poof! All lines with that snip are gone. Repeat until the file makes sense, or at least until the anomalies jump out at you.

There are other features, such as highlighting and the entire-file overview pane, which can be pretty handy, too. And they aren't done: Highlighter is a work in progress, so I expect it to get better as they continue to develop it. It is currently limited by system RAM, since it loads the entire file into memory, which is a problem for very large files; they plan on re-writing it to work more like a hex editor, so that it can handle very large files by only loading what is active into RAM and leaving the rest on disk until needed.
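The remove-until-it-makes-sense workflow above, together with the per-hour histogram view from Mandiant's description, as an added Python sketch (my own example, not Mandiant's code; the log lines and the known-good snippets are constructed):

```python
import re
from collections import Counter

# Constructed sample log lines; not taken from any real system.
SAMPLE_LOG = """\
2009-03-07 08:01:12 sshd[2201]: Accepted publickey for backup from 10.0.0.5
2009-03-07 08:01:13 cron[2210]: (root) CMD (run-parts /etc/cron.hourly)
2009-03-07 08:02:40 sshd[2231]: Failed password for root from 203.0.113.9
2009-03-07 08:02:41 sshd[2231]: Failed password for root from 203.0.113.9
2009-03-07 09:01:13 cron[2310]: (root) CMD (run-parts /etc/cron.hourly)
2009-03-07 09:15:02 sshd[2355]: Accepted publickey for backup from 10.0.0.5
2009-03-07 09:15:30 su[2360]: FAILED su for root by www-data
2009-03-07 10:01:13 cron[2410]: (root) CMD (run-parts /etc/cron.hourly)
"""

TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2})")  # date plus hour prefix

def reduce_log(text, known_good):
    """Apply each known-good snippet in turn, like repeated "remove" clicks.
    Returns the surviving lines and how many lines each snippet removed."""
    lines = text.splitlines()
    removed = {}
    for snippet in known_good:
        before = len(lines)
        lines = [ln for ln in lines if snippet not in ln]
        removed[snippet] = before - len(lines)
    return lines, removed

def highlight(lines, keyword):
    """Case-insensitive keyword highlight: return the lines that match."""
    needle = keyword.lower()
    return [ln for ln in lines if needle in ln.lower()]

def hourly_histogram(lines):
    """Count surviving lines per hour, a text stand-in for the histogram view."""
    counts = Counter()
    for ln in lines:
        m = TIMESTAMP.match(ln)
        if m:
            counts[m.group(1)] += 1
    return dict(sorted(counts.items()))

if __name__ == "__main__":
    left, dropped = reduce_log(SAMPLE_LOG, ["run-parts /etc/cron.hourly",
                                            "Accepted publickey for backup"])
    print(dropped, hourly_histogram(left), *highlight(left, "failed"), sep="\n")
```

The per-snippet removal counts tell you which "known good" filters are actually doing the work, which is handy when you carry a filter list from one log to the next.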

A hat tip to Brett and Ovie of the Cyberspeak podcast for interviewing the authors of the software, Jed Mitten and Jason Luttgens, in their latest episode.  Listen to the podcast to hear about it, then get your copy of Highlighter here.

I look at a variety of logs on a daily basis, and this tool has become indispensable to me in the few days since I heard about it. And it is everyone's favorite price: free.