[Aide] aide 0.11 is generating a VERY large database.

[Adam Funk]

On 2006-11-23, Marc Haber <mh+aide at zugschlus.de> wrote:

>> On the machine still running 0.10-11, the database is 1.7MB
>> compressed, with 37049 files.  The daily run takes 2 minutes.

I upgraded that one to Ubuntu edgy with aide 0.11 and now have a 64MB
aide.db with 218731 entries and it takes 12 minutes.  I can live with
that.  Now that I've excluded /var/log my daily "difference report" is
shorter than it used to be!

Was there any good reason to include /var/log ?


Thanks for the advice.  I've written a crude but functional Perl
script to analyse the database, which I'm posting below in case anyone
else wants it.

##################################################
#!/usr/bin/perl

use warnings;
use strict;
use Getopt::Std ;


my ($line, %dir1, %dir2, %dir3, $item1, $item2, $item3, $n, %option);
my $border = "********************\n";
my $format = "%-40s %10u\n";

getopts("c:", \%option) ;

my $cutoff = $option{c} || 1;

while ($line = <>) {
    chomp($line);
    $line =~ s! .*$!!;

    if ($line =~ s!^(/[^/]+)!! ) {
	$item1 = $1;
	$dir1{$item1}++;

	if ($line =~ s!^(/[^/]+)!! ) {
	    $item2 = $1;
	    $dir2{$item1.$item2}++;

	    if ($line =~ s!^(/[^/]+)!! ) {
		$item3 = $1;
		$dir3{$item1.$item2.$item3}++;
	    }
	}
    }
}

print($border);

foreach $item1 (sort (keys (%dir1))) {
    $n = $dir1{$item1};
    printf($format, $item1, $n)
	if ($n >= $cutoff);
}

print($border);

foreach $item1 (sort (keys (%dir2))) {
    $n = $dir2{$item1};
    printf($format, $item1, $n)
	if ($n >= $cutoff);
}

print($border);

foreach $item1 (sort (keys (%dir3))) {
    $n = $dir3{$item1};
    printf($format, $item1, $n)
	if ($n >= $cutoff);
}

print($border);