Oops - yes, missed that.
martin
On Wed, Feb 4, 2009 at 8:48 PM, Jesús Gabriel y Galán <jgabrielygalan@gmail.com> wrote:
Here is your problem. Hash.new(0) means "when I query the hash, and
the key I request is not in there, return 0". It does not actually add
{key => 0} to the hash itself.This is true, but counts[d] += 1 is actually counts[d] = counts[d] + 1
so the RHS will evaluate to 1 the first time, assigning it to the hash:
Thanks for your response. It makes a lot more sense and you are on the
right lines I think. There is other code around this but it does not
bare much relevance:def scanEVTWithSource(file, source)
@alerts =
@evtLogArray =This is unneeded, since you later assign another array to this
variable without using this one.
Also, when reinitializing these variables on each method call then
chances are that they can be local variables and not instance
variables - unless, of course, some other method in the class (which
class?) uses the leftovers of scanEVTWithSource in those instance
variables.
I am suspecting the issue is somewhere above the method. For example,
you might have a loop calling scanEVTWithSource and expecting that
counts are aggregated throughout all calls but they aren't since you
reinitialize the Hash on each call.
begin
#read the contents of the event logs files
evtLog = EventLog.open_backup(file, source)#put data into an array
@evtLogArray = evtLog.read.sort { |a, b| (a.event_id <=>
b.event_id).nonzero? || (a.time_written <=> b.time_written)}Are you sure you want to put this in an instance variable?
#event log data collected
evtLog.close
if evtLogArray.length == 0Shouldn't this be checking the @evtLogArray?
return
end#failed logons where more than 10 have occurred in a day
if event.event_id == 529Here we are reaching the culprit, I think. What is event? It's not
defined in this method...eventdateID =
#assign all time written values to the eventsbydate array
eventsbydate = "#{event.time_written}"
eventdateID.push eventsbydate.gsub(/\s/, '')[0..7] +
eventsbydate[26..30]
counts = Hash.new(0)
eventdateID.each {|d| counts[d] += 1}
counts.each do |id,cnt|
@alerts.push("#{event.event_id} #{@tab} #{event.time_written}
#{@tab} #{event.event_type} #{@tab} #{type}") if cnt >= 5
end
end
end
Absolutely agree to your other comments. I still think we haven't
seen all the code. Also, the whole problem is not very clear to me
either.
Cheers
robert
2009/2/3 Jesús Gabriel y Galán <jgabrielygalan@gmail.com>:
On Tue, Feb 3, 2009 at 11:12 PM, Stuart Clarke > <stuart.clarke1986@gmail.com> wrote:
--
remember.guy do |as, often| as.you_can - without end