[logs] Réf. : Re: Réf. : Re: [logs] logsurfer help...

From: Thierry Agassis (thierry.agassisat_private)
Date: Mon Oct 29 2001 - 05:14:19 PST


    Ok Wolfgang,
    
    I'll re-read the man.
    
    In fact, I just gave "gogo 1" and "gogo 2" as examples.
    In fact, I'd like to exclude very different log lines coming from a 
    firewall, typically known IP addresses or hostnames.
    
    So a simple regular expression is not possible. I need a syntax able to 
    list several independent regular expressions to be excluded.
    I'm afraid that it is more a logsurfer syntax issue than regular 
    expression.
    
    Best regards !
    
    _________________________
    Thierry Agassis
    Unicible
    
    tel: +41 (0)21/644 6311
    fax: +41 (0)21/644 6300
    mailto:thierry.agassisat_private
    
    
    
    
    
    Wolfgang Ley - Sun Germany - Hamburg <Wolfgang.Leyat_private>
    29.10.2001 11:55
    Please reply to Wolfgang Ley - Sun Germany - Hamburg
    
     
            To:  thierry.agassisat_private
            cc:    loganalysisat_private
            Subject: Re: Réf. : Re: [logs] logsurfer help...
    
    
    Hi,
    
    please read the documentation about regular expressions. If you want
    to exclude all lines with either "gogo 1" or "gogo 2" then you have
    to use the regular expression "gogo [12]" in your exclude pattern.
    
    Bye,
      Wolfgang.
    -- 
    *******************************************************************
    Wolfgang Ley                           Enterprise Services
    Solaris Competence Center              Wolfgang.Leyat_private
    Sun Microsystems GmbH                  Tel: +49 40 251523-0
    Eiffestrasse 80                        Fax: +49 40 251523-77
    D-20537 Hamburg                        http://www.sun.de/
    -------------------------------------------------------------------
    
    > 
    > Hi Wolfgang,
    > 
    > Thanks for your help.
    > I thought that when a rule matches, whose action is "ignore", then the 
    > line is not processed anymore by further rule(s).
    > 
    > So excluding gogo in the open "match_not_regex" seems to work.
    > 
    > Now I'd like to complicate the filter.
    > 
    > Let's have an input file (gaga.txt) like :
    > 
    > gaga 1
    > gogo 1 gaga 2
    > gaga 3 gogo 2
    > gaga 4 gugu 1
    > gaga 5
    > gaga 6
    > 
    > What I'd like is to display all lines with the word "gaga", but not those
    > including "gogo 1" or "gogo 2".
    > 
    > Using egrep -v with a carriage return between the excluded strings works
    > fine :
    > 
    > # egrep -v "gogo 1
    > > gogo 2" gaga.txt
    > 
    > displays :
    > 
    > gaga 1
    > gaga 4 gugu 1
    > gaga 5
    > gaga 6
    > 
    > Using open with the same syntax doesn't work :
    > 
    > open "gaga" "gogo 1
    > gogo 2" 3 0 0 "/bin/cat -" "gaga"
    > 
    > I've tried
    > 
    > open "gaga" "gogo 1"|"gogo 2" 3 0 0 "/bin/cat -" "gaga"
    > 
    > But it doesn't work either  :-(
    > 
    > What else should I read ?
    > 
    > Thanks again for your help and best regards !
    > 
    > _________________________
    > Thierry Agassis
    > Unicible
    > 
    > tel: +41 (0)21/644 6311
    > fax: +41 (0)21/644 6300
    > mailto:thierry.agassisat_private
    > 
    > 
    > 
    > 
    > 
    > Wolfgang Ley - Sun Germany - Hamburg <Wolfgang.Leyat_private>
    > 26.10.2001 10:37
    > Please reply to Wolfgang Ley - Sun Germany - Hamburg
    > 
    > 
    >         To:  loganalysisat_private, thierry.agassisat_private
    >         cc : 
    >         Subject: Re: [logs] logsurfer help...
    > 
    > 
    > Hi,
    > 
    > > Hi Everybody,
    > > 
    > > I have a trivial question :
    > > 
    > > Assume the following file (gaga.txt) :
    > > 
    > > gogo
    > > gaga
    > > gogo gaga
    > > gaga gogo
    > > gagagaga
    > > gagagagagagaga
    > > gaga
    > > 
    > > I expected that logsurfer with the following config
    > > 
    > > 'gogo' - - - 0 ignore
    > > 'gaga' - - - open 'gaga' - 3 0 0 report "/bin/cat -" "gaga"
    > 
    > ...this is a syntax error - a "0" before the "open" is missing.
    > 
    > > 
    > > 
    > > would display (cat gaga.txt | logsurfer) :
    > > 
    > > gaga
    > > gagagaga
    > > gagagagagagaga
    > > gaga
    > > 
    > > But lines with gogo still appear  :-(
    > 
    > Which is correct. Your configuration first ignores all lines with
    > "gogo" but does react on the first "gaga". Starting with the first
    > "gaga" you do open a context to collect all following lines which
    > contain the word "gaga" anywhere in the line. This is due to your
    > action
    > 
    >    open 'gaga' - 3 0 0 report "/bin/cat -" "gaga"
    > 
    > If you want to collect all lines with "gaga" but without "gogo",
    > then you have to declare this in your context, e.g.
    > 
    >    open 'gaga' 'gogo' 3 0 0 report "/bin/cat -" "gaga"
    > 
    > > If I want to use contexts, what kind of rule should I use to log all 
    > > logged lines from a file, but the ones with a given word ?
    > 
    > The regular expression '.*' will match everything (if that was your
    > question).
    > 
    > Bye,
    >   Wolfgang.
    > -- 
    > *******************************************************************
    > Wolfgang Ley                           Enterprise Services
    > Solaris Competence Center              Wolfgang.Leyat_private
    > Sun Microsystems GmbH                  Tel: +49 40 251523-0
    > Eiffestrasse 80                        Fax: +49 40 251523-77
    > D-20537 Hamburg                        http://www.sun.de/
    > -------------------------------------------------------------------
    > 
    > 
    > 
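
The exclusion discussed in this thread, extended to a list of known addresses and hostnames, as an added example that is not part of the original messages. It uses `grep -E` rather than logsurfer, so it shows only the regular-expression side; `filter_log` and `build_exclude` are hypothetical helper names, and the firewall lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example. Input lines are constructed; addresses and hostnames are
# documentation values, not taken from the thread (gaga.txt excepted).

gaga_txt() {            # the second gaga.txt quoted in the thread
    printf '%s\n' 'gaga 1' 'gogo 1 gaga 2' 'gaga 3 gogo 2' \
                  'gaga 4 gugu 1' 'gaga 5' 'gaga 6'
}

fw_log() {              # constructed firewall-style lines
    printf '%s\n' \
        'fw DROP src=192.0.2.1 dst=198.51.100.7' \
        'fw DROP src=192.0.2.10 dst=198.51.100.7' \
        'fw DROP src=203.0.113.5 dst=198.51.100.7' \
        'fw DROP src=mon.example.com dst=198.51.100.7' \
        'fw DROP src=mon.example.com.other.test dst=198.51.100.7'
}

# Keep lines matching $1, then drop lines matching $2 (both EREs), which
# mirrors a match pattern paired with an exclude pattern.
filter_log() {
    grep -E -- "$1" | grep -E -v -- "$2"
}

# Turn literal addresses/hostnames into one exclude ERE: escape regex
# metacharacters, require a non-name character on each side, join with "|".
build_exclude() {
    regex=
    edge='[^0-9A-Za-z.-]'
    for lit in "$@"; do
        esc=$(printf '%s\n' "$lit" | sed 's/[][\.|$(){}?+*^]/\\&/g')
        regex="${regex:+$regex|}(^|$edge)$esc(\$|$edge)"
    done
    printf '%s\n' "$regex"
}

echo '--- thread case: gaga without "gogo 1" or "gogo 2"'
gaga_txt | filter_log 'gaga' 'gogo 1|gogo 2'

echo '--- naive alternation (unescaped dots, no boundaries)'
fw_log | filter_log 'DROP' '192.0.2.1|mon.example.com'

echo '--- escaped and bounded alternation'
fw_log | filter_log 'DROP' "$(build_exclude 192.0.2.1 mon.example.com)"
```

The naive alternation also hides the `192.0.2.10` and `mon.example.com.other.test` lines, which is the failure to watch for when an exclude list grows: an over-broad exclusion silently drops events that should have been reported.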
    



    This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 10:28:58 PST