You are going to spend a *LOT* of time re-doing the work that went into SQL
db that you have eliminated...  Re-consider.

Still, there are some things you can do:

Under LINUX, so long as your data is less than 4K (?),
fopen(...,'a')/fwrite()/fclose() is atomic.  So if you are just dumping out
IP+timestamp and even some minimal data, you are set.

You can safely just code it like a newbie, and it will work, even though it
should blow up in your face by all rights :-)

Repeat:  The preceding was true *only* under LINUX.

If you are *not* using LINUX, your other option is, in fact, to flock() the
file.  You open it for reading, flock() the handle, fopen() it for writing
(now that you "own" it), fwrite() as fast as you can, and unlock it and
fclose() it.

http://php.net/flock

You should also use http://php.net/register_shutdown_function to be sure you
never leave a file flock'ed if PHP pukes or something.

Perhaps even a cron job to release any flocks older than XXX time somehow...

Even *with* LINUX, at some point, you are going to want to shrink the file
so it doesn't grow to monster proportions, but you only want to throw away
the really old entries...  Alas, this will be quite a chore with the flocks
going on, and everything will come to a screeching halt while you archive or
delete the old data...

You see, there's just all sorts of nasty things you need to worry about if
you go this route, and you really were better off with SQL where it's all
taken care of...  Re-consider again. :-)

--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
----- Original Message -----
From: Sean Straw / Pse <[EMAIL PROTECTED]>
Newsgroups: php.general
To: <[EMAIL PROTECTED]>
Sent: Friday, September 21, 2001 8:01 AM
Subject: event cache management (no, not code cache) -- W32/Nimda filter


>
> I'm working on something to deal with the W32/Nimda worm traffic, and in
> order for this to work, I need a cache management function - basically, as
> an event occurs, I check to see if the source IP is in the cache file
> already - if not, it gets added along with the current timestamp and
> actions are taken.  If it is in the cache, the original timestamp plus the
> expiration value is compared against the current timestamp - if it isn't
> expired, we just quit processing, whereas if the sum is less than the
> current time, then the entry is expired, and I'd update the cache timestamp
> to reflect the current event, while going and performing the actions (as if
> it wasn't there at all).
>
> One aspect of this is dealing with sending emailed notifications to
> (ir)responsible parties for the hosts in question (rDNS -> MX, and IP
> delegations are both used).  This is a processing impact which we'd simply
> not want to incur for every Nimda hit - thus the need to keep track of
> which hosts we've dealt with in the previous 'n' hours and just drop them
> if we've seen them since.
>
> I don't want to use an SQL DB, primarily because I'd like to make the
> script as self sufficient as possible
>
> I haven't figured out how to efficiently deal with reading and writing a
> file which may be getting tweaked by a concurrent session - should the PHP
> script immediately open and flock the cache file and keep it locked until
> it has completed operations, even though it may not need to write to the
> file (i.e. the entire decision making process should be within the confines
> of an flock()?)  Are there any efficiency tricks for loading a
> 2-dimensional array from a file (source IP + timestamp)?  Is there some way
> I can make a daemon with PHP (manage the cache in one process while
> answering queries from other processes)?
>
> I'm also looking to construct a script which may be executed under a cron
> job, which will add new hosts to the system firewall (either on the local
> host, or quite possibly, at the WAN interface, thereby protecting all the
> hosts on the LAN).  If anyone has already tackled such a thing, I'd
> appreciate hearing about it.
>
> Also, does anyone have a whois implementation in PHP (the idea being to
> avoid exec'ing another process on the system if at all possible).
> ---
>   Please DO NOT carbon me on list replies.  I'll get my copy from the list.
>
>   Sean B. Straw / Professional Software Engineering
>   Post Box 2395 / San Rafael, CA  94912-2395
>
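
The read-decide-write cycle the question asks about, with the whole decision held inside one flock(), as an added example that is not code from either poster. The function name, the one-entry-per-line "IP timestamp" format and the single 'c+' handle (instead of the separate read and write opens described in the reply) are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example; nimda_cache_should_act() and the "IP timestamp" line format are assumptions.
// Returns true when $ip is new or expired (caller acts), false when seen within $ttl seconds.
function nimda_cache_should_act(string $cacheFile, string $ip, int $ttl, ?int $now = null): bool
{
    $now = $now ?? time();
    // Validate before writing: keeps newlines and junk out of the cache file.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    // 'c+' = read/write, create if missing, no truncation on open.
    $fh = fopen($cacheFile, 'c+');
    if ($fh === false) {
        throw new RuntimeException("cannot open $cacheFile");
    }
    try {
        // Hold the exclusive lock across the whole read-decide-write sequence.
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException('cannot lock cache file');
        }
        $entries = [];
        while (($line = fgets($fh)) !== false) {
            $parts = explode(' ', trim($line));
            // Skip malformed lines; drop entries where timestamp + ttl < now.
            if (count($parts) === 2 && ctype_digit($parts[1]) && (int)$parts[1] + $ttl >= $now) {
                $entries[$parts[0]] = (int)$parts[1];
            }
        }
        if (isset($entries[$ip])) {
            return false; // seen and not expired: nothing to rewrite
        }
        $entries[$ip] = $now;
        rewind($fh);
        ftruncate($fh, 0);
        foreach ($entries as $addr => $ts) {
            fwrite($fh, "$addr $ts\n");
        }
        fflush($fh);
        return true;
    } finally {
        flock($fh, LOCK_UN); // runs on return and on exception
        fclose($fh);
    }
}

$file = tempnam(sys_get_temp_dir(), 'nimda'); // constructed sample run, fixed clock values
var_dump(nimda_cache_should_act($file, '192.0.2.10', 3600, 1000)); // first sighting
var_dump(nimda_cache_should_act($file, '192.0.2.10', 3600, 2000)); // repeat inside TTL
var_dump(nimda_cache_should_act($file, '192.0.2.10', 3600, 9000)); // repeat after TTL
unlink($file);
```

Because expired entries are dropped on every rewrite, the file stays bounded by the number of distinct hosts seen within one TTL window.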


-- 
PHP General Mailing List (http://www.php.net/)