LogAnalysis
[logs] ugliest application logs ever? Jan 24 2008 02:14AM
Anton Chuvakin (anton chuvakin org) (5 replies)
Re: [logs] ugliest application logs ever? Jan 24 2008 09:12PM
Leo D. Geoffrion (ldg skidmore edu) (1 replies)
RE: [logs] ugliest application logs ever? Jan 24 2008 10:50PM
Tina Bird (tbird precision-guesswork com)
Re: [logs] ugliest application logs ever? Jan 24 2008 07:52PM
Jason Lewis (jlewis packetnexus com) (1 replies)
I don't know about ugly, but logs that are difficult to parse suck.

Netscreen:
messages:Dec 17 09:35:27 10.14.93.7 ns5xp: NetScreen device_id=ns5xp
system-notification-00257(traffic): start_time="2002-12-17 09:40:18"
duration=4 policy_id=0 service=tcp/port:8000 proto
=6 src zone=Trust dst zone=Untrust action=Permit sent=715 rcvd=6561
src=10.14.94.221 dst=10.14.90.217 src_port=1039 dst_port=8000 translated
ip=10.14.93.7 port=1217
messages:Dec 17 09:35:27 10.14.93.7 ns5xp: NetScreen device_id=ns5xp
system-notification-00257(traffic): start_time="2002-12-17 09:40:18"
duration=4 policy_id=0 service=tcp/port:8000 proto
=6 src zone=Trust dst zone=Untrust action=Permit sent=651 rcvd=2782
src=10.14.94.221 dst=10.14.90.217 src_port=1040 dst_port=8000 translated
ip=10.14.93.7 port=1218

There isn't a good delimiter to break the log up, so it requires an
custom regex. Trying to use a space is a nightmare. Give me something
so I can quickly grab only what I need. I like pipe delimited.

jas

Anton Chuvakin wrote:
> All,
>
> Ah, long time - no post! :-)
>
> I wanted to turn this into a formal contest but figured I'd poll the
> list first: what are the ugliest, most useless application logs that
> you've seen? Logs that defy log analysis, that are full of numeric
> codes not explained anywhere? Logs that don't say what they mean (and
> vice versa)? Logs that omit the most critical piece of info?
>
> Here is my example:
>
> |22:22:32|BTC| 7|000|DDIC | |R49|Communication error, CPIC
> return code 020, <application> return code 456
>
> Why it sux: numeric codes (twice), ambiguous language, no sense of
> priority, etc.
>
> More?
>
> Best,
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
Re: [logs] ugliest application logs ever? Jan 24 2008 09:29PM
Andrew Hay (andrewsmhay gmail com)
Re: [logs] ugliest application logs ever? Jan 24 2008 02:18PM
David Corlette (DCorlette novell com) (3 replies)
RE: [logs] ugliest application logs ever? Jan 25 2008 12:51AM
Mark Poepping (poepping cmu edu) (1 replies)
Re: [logs] ugliest application logs ever? Jan 25 2008 02:50AM
Matt Cuttler (mcuttler bnl gov)
Re: [logs] ugliest application logs ever? Jan 24 2008 07:53PM
Marcus J. Ranum (mjr ranum com)
Re: [logs] ugliest application logs ever? Jan 24 2008 07:43PM
Anton Chuvakin (anton chuvakin org)
Re: [logs] ugliest application logs ever? Jan 24 2008 06:21AM
John Kinsella (jlk thrashyour com) (3 replies)
RE: [logs] ugliest application logs ever? Jan 24 2008 03:47PM
Fenwick, Wynn (wynn fenwick cgi com) (1 replies)
Re: [logs] ugliest application logs ever? Jan 24 2008 08:38PM
Patrick Whalen (pwhalen rescomp com)
RE: [logs] ugliest application logs ever? Jan 24 2008 02:58PM
Paul Melson (pmelson gmail com)
Re: [logs] ugliest application logs ever? Jan 24 2008 12:47PM
Matt Cuttler (mcuttler bnl gov) (2 replies)
RE: [logs] ugliest application logs ever? Jan 24 2008 08:09PM
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
Re: [logs] ugliest application logs ever? Jan 24 2008 10:13PM
Daniel Cid (dcid ossec net)
Re: [logs] ugliest application logs ever? Jan 24 2008 07:17PM
Andrew Hay (andrewsmhay gmail com)
RE: [logs] ugliest application logs ever? Jan 24 2008 05:00AM
Tina Bird (tbird precision-guesswork com) (2 replies)
Re: [logs] ugliest application logs ever? Jan 24 2008 10:41PM
Jason Haar (Jason Haar trimble co nz)
RE: [logs] ugliest application logs ever? Jan 24 2008 05:23AM
Marcus J. Ranum (mjr ranum com) (2 replies)
Re: [logs] ugliest application logs ever? Jan 29 2008 03:06AM
Mordechai T. Abzug (morty frakir org) (1 replies)
[logs] Log Generator Jan 29 2008 06:17AM
harshad mengle wipro com (2 replies)
Re: [logs] Log Generator Jan 29 2008 03:26PM
Jim Prewett (download hpc unm edu) (2 replies)
RE: [logs] Log Generator Jan 29 2008 07:52PM
Clayton Dukes (cdukes) (cdukes cisco com) (1 replies)
RE: [logs] Log Generator Jan 29 2008 08:39PM
Marcus J. Ranum (mjr ranum com) (1 replies)
Re: [logs] Log Generator Jan 30 2008 08:33PM
Tom Le (dottom gmail com)
RE: [logs] Log Generator Jan 29 2008 03:31PM
harshad mengle wipro com
RE: [logs] Log Generator Jan 29 2008 03:00PM
Clayton Dukes (cdukes) (cdukes cisco com)
Re: [logs] ugliest application logs ever? Jan 24 2008 01:52PM
Tim Sailer (sailer bnl gov)


 

Privacy Statement
Copyright 2010, SecurityFocus