Artificial Ignorance How-To Guide (jwenet.net)

Artificial Ignorance How-To Guide

How to build filters with grep. Has this excellent description of a tail trick...

  The TIS Gauntlet has a hack I wrote called "retail" which I can't
  unfortunately release the code for, but is easy to implement. Basically,
  it was like tail but it remembered the offset in the file from the
  previous run, and the inode of the file (so it'd detect file shifts) -
  the trick is to keep one fd open to the file and seek within it, then
  stat it every so often to see if the file has grown or changed inode. If
  it has, read to EOF, open the new file, and start again. That way you
  can chop the end of the log file through a filter every couple seconds
  with minimal expense in CPU and disk I/O.

original: http://www.ranum.com/security/computer_security/papers/ai/index.html
date: 09/13/2005