Re: [logs] Converting log messages to XML format.

From: Frank Solomon (sysfrankat_private)
Date: Mon Nov 12 2001 - 05:42:59 PST


    While we're still at a preliminary phase in our project, my approach to 
    incorporating XML has been to cheat.  (I'm always trying to find the 
    easiest way.)  My intention is to throw the log into a SQL-Server 2000 
    database then have SQL-Server output the XML via the "for XML" clause.  My 
    preliminary tests look very promising, but I may be overly optimistic.  So 
    far I haven't seen a problem with embedded special characters, but maybe my 
    logs aren't stressing the syntax enough.
    
    Of course, the generated XML looks more like this (sanitized example):
    
    <root>
    <row LogSeqNo="389021" DTL="Nov 12 2001  8:28AM" Source="HOSTNAME.uky.edu" 
    Facility="LOCAL7   " Priority="NOTICE   " 
    MessageText="Security      21755   Mon Nov 12 08:27:20 
    2001        529     Security        SYSTEM  User    Failure 
    Audit   HOSTNAME "/>
    </root>
    
    Thanks, all of you that responded to my earlier question.
    
    Frank
    
    At 02:29 PM 11/9/2001 -0800, Cedar Hannan wrote:
    >I'm wondering if anyone out there has any experience with converting log
    >messages to XML format.  I've been attempting to do this and have had
    >moderate success.  The template feature in Syslog-ng makes this pretty
    >easy in that you can write your tags into a template eg:
    ><host>$HOST</host> <message>$MESSAGE</message> etc.
    >
    >The only problem I have run into is that sometimes the text of a message
    >will contain characters that mess up the XML "code".  This happens when
    >the message text contains "<some_string>".  It then gets interpreted as
    >a tag and breaks things.  The only thing I can think of to do is write a
    >Perl script that "scrubs" the file to pull out any extraneous "<".  I
    >was hoping to avoid this.  I am very, very new to XML so please excuse
    >me if I'm confusing things.  Any ideas?
    >
    >-Cedar
    
    
    *****************************************
    Frank Solomon
    University of Kentucky
    http://www.franksolomon.net
    
    A good mechanic only needs two tools:  Duct tape and WD40.
    WD40 to make things go; and duct tape to make them stop.
    --unknown
    *****************************************
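
The escaping problem raised in this thread, as an added example that is not part of either post: it uses the Python standard library rather than Perl or SQL Server, with the element layout following the Syslog-ng template quoted above and the attribute layout following the `<row .../>` output. The `<entry>` wrapper, the function names and the sample messages are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# C0 control characters (except tab, LF, CR) are not allowed in XML 1.0 at all.
_XML_ILLEGAL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")

def clean(text):
    """Replace control characters that no XML 1.0 parser will accept."""
    return _XML_ILLEGAL.sub("?", text)

def naive_element(host, message):
    """The raw template approach: values pasted in unescaped."""
    return "<entry><host>%s</host> <message>%s</message></entry>" % (host, message)

def safe_element(host, message):
    """Same layout, with &, < and > escaped in the text content."""
    return "<entry><host>%s</host> <message>%s</message></entry>" % (
        escape(clean(host)), escape(clean(message)))

def safe_row(host, message):
    """Attribute layout; quoteattr escapes and adds the surrounding quotes."""
    return "<row Source=%s MessageText=%s/>" % (
        quoteattr(clean(host)), quoteattr(clean(message)))

def parses(xml_text):
    """True if the text is well-formed XML."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

# Constructed sample messages, not taken from any real log.
SAMPLES = [
    ("host1.example.edu", "login failed for <some_string> from 10.0.0.5"),
    ("host1.example.edu", 'cmd="a & b" rc=1 \x07'),
    ("host2.example.edu", "x</message><message>forged entry"),
]

if __name__ == "__main__":
    for host, msg in SAMPLES:
        doc = ET.fromstring(safe_element(host, msg))
        print(parses(naive_element(host, msg)), repr(doc.findtext("message")))
```

The third sample is the case a "scrub the stray `<`" pass tends to miss: the unescaped output is well-formed, so nothing breaks, but the record now contains two `<message>` elements instead of one.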
    
    
    



    This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 09:54:15 PST