my $from_t = $param->{from_t};
- store::query( $from_t, sub {
+ my $q;
+ $q->{'package.time'} = { '$lt' => $from_t * 1 } if $from_t;
+# $q->{'package.name'} = { '$ne' => 'syslogd' };
+ $q->{'package.name'} = { '$ne' => 'dhcpd' };
+# $q->{'package.name'} = { '$ne' => [ 'dhcpd', 'dnsd' ] };
+ $q->{'tag'} = { '$ne' => 'CRON' };
+ store::query( $q, sub {
my $o = shift;
my $p = delete( $o->{package} );
delete( $o->{_id} );
sub query {
- my ( $from_t, $callback ) = @_;
- my $q;
- $q->{'package.time'} = { '$lt' => $from_t * 1 } if $from_t;
-# $q->{'package.name'} = { '$ne' => 'syslogd' };
- $q->{'tag'} = { '$ne' => 'CRON' };
+ my ( $q, $callback ) = @_;
warn "# query ", dump($q);
- $audit->ensure_index({ 'package.name' => 1 });
+ $audit->ensure_index({ $_ => 1 }) foreach keys %$q;
my $cursor = $audit->query($q)->sort({ 'package.time' => -1 })->limit( 100 );
while( my $o = $cursor->next ) {
$callback->( $o );