Simple Event Correlator: a hidden Perl gem

Fulvio Scapin — 5 minutes 🐪

A good amount of Perl software performs important and sometimes unique tasks behind the scenes or within specific niches, remaining effectively invisible or "hidden" from the public eye.
In my opinion one such piece of software is SEC, or Simple Event Correlator, an event correlation tool written in Perl that is more than 15 years old and still actively developed, occupying a space where little open source software can be found.
Event correlation means correlating events (e.g. lines or blocks of lines) coming from multiple inputs (generally, but not only, log files) and making decisions and taking actions when a set of rules matches. Synthetic events, generated by actions in the rules themselves, can be triggered and matched against rules as well. On top of that, named memory structures (contexts) with a lifetime can store information which persists and is accessible and modifiable across rules, optionally triggering new actions when they expire.
Matches can be simple, firing every time a condition is satisfied, or more complex, for instance matching only if a specific kind of event appears more than a set number of times within a specific time window. Far more complex match conditions are attainable.
On top of that, being Perl software, it allows external Perl code to be called and used during its execution, providing further ways to extend and customize its behaviour.
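As an added illustration (a constructed ruleset, not from the talk or the SEC project), the pieces described above fit together in a short SEC configuration: a threshold rule counts failed SSH logins per source host inside a time window, raises a synthetic event, and a second rule consumes that event, reports it once, and opens a context whose expiration runs its own action. Log format, file paths and event names are assumptions.

```ini
# Rule 1: threshold match. The counter is keyed on "desc", so using $2
# there gives one independent counter per source host.
type=SingleWithThreshold
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port
desc=Repeated SSH login failures from $2
# "event" feeds a synthetic line back into SEC's input stream.
action=event SSH_FAILURES_FROM_$2
window=60
thresh=5

# Rule 2: matches only the synthetic event, and only while no suppression
# context exists for that host ("!" negates the context test).
type=Single
ptype=RegExp
pattern=^SSH_FAILURES_FROM_(\S+)$
context=!SSH_SUPPRESS_$1
desc=Report repeated SSH failures from $1
# Write an alert, then create a context living 600 seconds; the action
# list in parentheses runs when the context expires.
action=write /var/log/sec-alerts.log Repeated SSH failures from $1; \
       create SSH_SUPPRESS_$1 600 (write - Suppression window for $1 ended)
```

Run against a live log with `sec --conf=ssh.sec --input=/var/log/auth.log`; while the context exists, further bursts from the same host are counted but not reported again.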

The intent of this talk is to give a very shallow overview of a very powerful piece of software, hoping to make it known to more people outside its current audience who might find it useful for their needs.

Perl versions: 🐪 Perl 5
Target audience: Any
Category: Perl 5 programming
Talk duration: Lightning talk (5 minutes)
Talk status: accepted
Related links

https://simple-evcorr.github.io/

https://github.com/simple-evcorr/sec

https://github.com/simple-evcorr/rulesets