LogAnalysis
RE: [logs] regexless parsing, again? Sep 20 2007 07:31PM
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
Hi Mike,

I like this approach, but I have to admit I see those at least twice a
year ;) Hey, I am telling it is hopeless? Not sure... The problem is to
get it started and the REAL problem is to get programmers to use it. It
would work best, of course, if any such effort would end up in a
government purchasing standard, that the agencies require.

IMHO, it doesn't even need to be very smart. Just some basic things
would be most helpful...

But again, no idea over here how to achieve it ;)

My (worthless) 2cts
Rainer

> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org
> [mailto:loganalysis-bounces (at) loganalysis (dot) org] On Behalf Of Mike Heisler
> Sent: Thursday, September 20, 2007 4:07 PM
> To: Mordechai T. Abzug
> Subject: Re: [logs] regexless parsing, again?
>
> Mordechai T. Abzug wrote:
> >
> > [Cue a bunch of starry-eyed innocents talking up CEE, CEF, and other
> > "standards" that are supposed to make unstructured logs go away Real
> > Soon Now.]
>
> Which is to say, as others have, we need solutions yesterday and
> official standards aren't going to solve the problem.
>
> Log files aren't generally written for us, they are written for the
> programmer or some auditor, individually, in a vacuum for each
> application. If I were to write an application today and wanted to log
> transactions of some sort why would I think to look for standards? Where
> would I start to look? Who cares about my log file any way?
>
> I'd like to suggest we can do something proactive:
>
> - Share some of the good methodologies that have already been developed
> for parsing, categorizing or otherwise making sense of these files
>
> - Share log formats we are aware of (Splunk base is an example)
>
> - Come up with 2 or 3 or (N < 10) log file format recommendations. Maybe
> those in standards process.
>
> - Collect this information in 2 or 3 places.
>
> - Most importantly, get the info and recommendations into the faces of
> developers everywhere we can.
>
> Programmers coming out of school and those who've never seen a syslog
> have no clue that there is any standard that could or should be
> followed. They roll their own, just like those needing to read the logs.
>
> --
> Mike Heisler 607-255-3058 cell: 607-227-6791
> Systems & Operations, Cornell Information Technologies
> mgh4 (at) cornell (dot) edu 703 Rhodes Hall Ithaca, NY 14853
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>

Copyright 2010, SecurityFocus