LogAnalysis
RE: [logs] Error messages from syslogd Jul 11 2007 07:50PM
Tina Bird (tbird precision-guesswork com)

> Regular expressions, experience, and research are priceless (w/ an emphasis on
> regular expressions). Along with some luck and intuition, you will (or the
> individual analyzing will) be good to go. Honestly, simple as that.

uh, d00d. the problem is that in my 10+ years of looking at UNIX log data,
i've only ever seen 4 messages generated *by* syslogd (as opposed to
received by):

stopping
restarting
host unreachable
last message repeated N times

the mere *location* of messages created by syslogd hardly requires a regular
expression. you only have to grep for syslogd!

so my "research" consists of asking this group of experienced people whether
they've ever *seen* other messages (and, of course, reviewing the source
code to get some idea of the range of error messages that are theoretically
possible).

i'm a bit bemused by the thought that lack of experience is my problem
here...

tbird
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
http://www.loganalysis.org/mailman/listinfo/loganalysis

Copyright 2010, SecurityFocus