On Wed, 9 Jan 2002, Marcus J. Ranum wrote:

> I'm working on a sort of syslog parser thingie that will be released in
> a couple months. It's rule-driven and can pretty much consume anything
> you throw at it (so far, anyhow...) - and of course I'm bumping up against
> the numerous incompatibilities of various syslog message formats.
> Does anyone have any notes on the various syslog header layouts
> that are out there in the wild? I'm mostly interested in the various
>
> dd/mm/yy host: program[pid]
> dd/mm host: program:
>
> type stuff. Less interested in the message contents - that's another
> problem for another day. :)

We are working on syslog parsing (and other funny stuff 8-)) for our
IPFC software. You can check the CVS for more information on how we are
currently parsing syslog files:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ipfc/ipfc/src/db-backend/db-backend-daemon/

We plan to extend it to support more (funny|crappy) syslog lines in the near
future (for example the PIX """syslog""") and other logging.

I hope this helps.

Alx

PS: Do you plan to release the source code of your "syslog parser"
under a GPL-compatible license? Or is it part of the NFR product line?
Just for my information.

--
Alexandre Dulaunoy
adulauat_private
http://www.conostix.com/
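A rule-table parser for the two header layouts named in the quoted question, as an added example that is neither Marcus Ranum's parser nor IPFC's code. It assumes single-space separators, day-first dates and a free-text message after the header; the rule names, `parse_header` and `summarize` are hypothetical, and the sample lines are constructed.

```python
import re

# Header rules, tried in order. Each covers one layout named in the post;
# the exact separators and the trailing message field are assumptions.
HEADER_RULES = [
    ("date_host_program_pid", re.compile(
        r"(?P<day>\d{2})/(?P<month>\d{2})/(?P<year>\d{2}) "
        r"(?P<host>[^\s:]+): (?P<program>[^\s:\[\]]+)\[(?P<pid>\d+)\]:? ?"
        r"(?P<message>.*)")),
    ("date_host_program", re.compile(
        r"(?P<day>\d{2})/(?P<month>\d{2}) "
        r"(?P<host>[^\s:]+): (?P<program>[^\s:\[\]]+): ?"
        r"(?P<message>.*)")),
]

MAX_LINE = 8192  # refuse oversized input rather than feed it to the regexes


def parse_header(line):
    """Return (rule_name, fields) for the first matching rule, else (None, {})."""
    line = line.rstrip("\r\n")
    if len(line) > MAX_LINE:
        return None, {}
    for name, pattern in HEADER_RULES:
        m = pattern.fullmatch(line)
        if m is None:
            continue
        fields = m.groupdict()
        # Range-check the date so "99/99" is rejected instead of stored.
        if not (1 <= int(fields["day"]) <= 31 and 1 <= int(fields["month"]) <= 12):
            continue
        if "pid" in fields:
            fields["pid"] = int(fields["pid"])
        return name, fields
    return None, {}


def summarize(lines):
    """Count lines per rule; unmatched lines stay visible instead of vanishing."""
    counts = {}
    for line in lines:
        key = parse_header(line)[0] or "unmatched"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample lines (not taken from any real log).
SAMPLES = [
    "09/01/02 gw1: sshd[412]: session opened for user alice",
    "09/01 gw1: cron: job started",
    "Jan  9 07:34:35 gw1 sshd[412]: layout no rule covers",
]
```

Counting the `unmatched` bucket from `summarize(SAMPLES)` shows how much of a feed the current rules fail to consume, which is the signal for adding another header rule.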