G'day All,

It seems to me there is some agreement on using tokens to identify common parts of the log message. How about this for a crazy idea...

Create an open source parser/converter that takes current vendor messages and converts them into the new "standard" tokenized format. A database of conversion scripts (using RegExp or other tools) could be maintained by the user community and vendors. As new syslog enabled devices are made available, the vendors would offer the new standard tokenized format instead.

The converter could either sit between the device and the central syslog server, or be integrated into the syslog itself.

It would be a matter of deciding on a suitable list of tokens. Then deciding on how each current message type should be converted into the new tokenized format. Since all the data is used for different purposes, maybe have a series of different tokens. Some for web, firewall, IDS, routers, UNIX, authentication, environment monitoring etc. The WELF (Webtrends extended logging format) is a good start, but it only has tokens for firewall type messages.

Having a converter would allow the grazing horses to be returned to the barn, and the wild horses trained over time so they would wander back of their own accord. :-)

Cheers
Andrew

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
https://lists.shmoo.com/mailman/listinfo/loganalysis
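A small working sketch of the converter the post proposes, added here as an illustration and not code from the list or from any vendor: a table of regex "conversion scripts", one per vendor message type, maps raw syslog lines onto a WELF-style `key=value` token line. The two vendor formats, the sample log lines and the rule table are constructed for the example; the token names (`id`, `time`, `fw`, `pri`, `rule`, `proto`, `src`, `dst`, `srcport`, `dstport`, `msg`) follow WELF as the post suggests. Lines no rule matches are kept as `id=unknown` with the original text in `msg`, so an incomplete rule database never silently drops a message.

```python
"""Rule-driven syslog-to-WELF converter (added example, constructed data)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Generic BSD syslog envelope: "<Mon> <day> <hh:mm:ss> <host> <rest>"
SYSLOG_HEAD = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$"
)

# Output order for the standard tokens; anything else is appended sorted.
KEY_ORDER = ["id", "time", "fw", "pri", "rule", "proto", "src", "srcport",
             "dst", "dstport", "user", "op", "result", "msg"]

Groups = Dict[str, Optional[str]]


@dataclass
class Rule:
    """One entry of the community-maintained conversion database."""
    name: str
    pattern: re.Pattern                 # matched against the part after the host
    tokens: Callable[[Groups], Dict[str, str]]  # regex groups -> standard tokens


def _netfilter_tokens(g: Groups) -> Dict[str, str]:
    # Linux netfilter kernel log line (format assumed for the example).
    out = {"id": "firewall", "pri": "6", "proto": g["proto"].lower(),
           "src": g["src"], "dst": g["dst"]}
    if g["spt"]:                        # ports are absent for e.g. ICMP
        out.update(srcport=g["spt"], dstport=g["dpt"])
    return out


def _acme_tokens(g: Groups) -> Dict[str, str]:
    # "acme-fw" is a hypothetical vendor format invented for this example.
    return {"id": "firewall", "pri": "4" if g["action"] == "deny" else "6",
            "rule": g["rule"], "proto": g["proto"], "src": g["src"],
            "srcport": g["spt"], "dst": g["dst"], "dstport": g["dpt"],
            "msg": g["action"]}


RULES: List[Rule] = [
    Rule("netfilter-kernel",
         re.compile(r"kernel: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+)"
                    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"),
         _netfilter_tokens),
    Rule("acme-fw",
         re.compile(r"acme-fw: (?P<action>allow|deny) (?P<proto>\w+) "
                    r"(?P<src>[\d.]+):(?P<spt>\d+) -> (?P<dst>[\d.]+):(?P<dpt>\d+) rule (?P<rule>\d+)"),
         _acme_tokens),
]


def _quote(value: str) -> str:
    """WELF values containing whitespace, '=' or quotes are double-quoted."""
    if any(c.isspace() for c in value) or "=" in value or '"' in value:
        return '"' + value.replace('"', '\\"') + '"'
    return value


def to_welf(tokens: Dict[str, str]) -> str:
    ordered = [k for k in KEY_ORDER if k in tokens]
    ordered += sorted(k for k in tokens if k not in KEY_ORDER)
    return " ".join(f"{k}={_quote(tokens[k])}" for k in ordered)


def convert(line: str) -> str:
    """Convert one raw syslog line; unknown formats are preserved, not dropped."""
    head = SYSLOG_HEAD.match(line)
    if not head:
        return to_welf({"id": "unknown", "msg": line})
    ts, host, rest = head.group("ts", "host", "rest")
    for rule in RULES:
        hit = rule.pattern.search(rest)
        if hit:
            tokens = rule.tokens(hit.groupdict())
            break
    else:
        tokens = {"id": "unknown", "msg": rest}
    tokens.update(time=ts, fw=host)
    return to_welf(tokens)


def convert_batch(lines: List[str]):
    """Convert many lines; also report how many fell through to id=unknown."""
    out = [convert(l) for l in lines]
    return out, sum(1 for o in out if o.startswith("id=unknown"))


# Constructed sample input (not real device output).
SAMPLE_LINES = [
    "Aug 21 14:55:24 fw1 kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=51000 DPT=22",
    "Aug 21 14:55:25 gw2 acme-fw: deny tcp 10.0.0.9:4444 -> 192.168.1.20:445 rule 17",
    "Aug 21 14:55:26 web1 httpd: GET /index.html 200",
    "garbage",
]

if __name__ == "__main__":
    converted, unmatched = convert_batch(SAMPLE_LINES)
    print("\n".join(converted))
    print(f"{unmatched} of {len(SAMPLE_LINES)} lines had no conversion rule")
```

Running the block prints one token line per input; the count of `id=unknown` lines is the metric a maintainer of the rule database would watch, since a rising count means a new device or firmware format has appeared that needs a conversion script.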
This archive was generated by hypermail 2b30 : Wed Aug 21 2002 - 14:55:24 PDT