RE: [logs] Syslog payload format

From: Paul Robertson (probertsat_private)
Date: Tue Jan 14 2003 - 11:49:54 PST


    On Tue, 14 Jan 2003, Frank O'Dwyer wrote:
    
    > Good example. Apache uses a structured, machine parseable log format.
    
    Feh, it's perfectly possible to get unparsable logs out of Apache.  In 
    fact for any site of significant volume, I can pretty much bet you _will_ 
    find clients asking for things which make parsing a true PITA.
    
    > The URL etc, is always in the same place and clearly delimited.
    
    The URL can contain the delimiters.
    
    > Try developing tools to parse that kind of thing, where each vendor does it
    > differently.
    
    Let's not forget that Apache is happy to play whirling ginsu master of 
    death with its own log file format...
    
    Paul, who's spent a week looking at "weird" Apache log entries and still 
    doesn't have a good handle on some of the stranger ones.
    -----------------------------------------------------------------------------
    Paul D. Robertson      "My statements in this message are personal opinions
    probertsat_private      which may have no basis whatsoever in fact."
    probertsonat_private Director of Risk Assessment TruSecure Corporation
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
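
The point made in the message above, that a URL can contain the log delimiters, shown as an added example (not code from the post or from Apache). It assumes Common Log Format with the request line written without escaping of embedded quotes; the sample lines are constructed and the function names are hypothetical.

```python
import re

# Common Log Format: host ident user [time] "request" status bytes
# The request field is matched greedily and the line is anchored on the
# numeric status/bytes at the end, so quotes or spaces inside the request
# cannot shift the fields that follow it.
CLF = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "(.*)" (\d{3}) (\d+|-)$')
PROTO = re.compile(r'^HTTP/\d\.\d$')

def naive_request(line):
    """What a split-on-delimiter parser takes to be the request field."""
    return line.split('"')[1]

def parse(line):
    """Return a dict of fields, or None when the line is not CLF at all."""
    m = CLF.match(line.rstrip("\n"))
    if m is None:
        return None
    host, ident, user, when, request, status, size = m.groups()
    # Method is the first token, protocol the last (if it looks like one);
    # everything in between is kept verbatim as the requested target.
    head, _, rest = request.partition(" ")
    target, _, tail = rest.rpartition(" ")
    if not PROTO.match(tail):
        target, tail = rest, None          # no protocol token, or garbage
    odd = tail is None or any(c in target for c in ' "') or not head.isalpha()
    return {"host": host, "time": when, "method": head, "target": target,
            "protocol": tail, "status": int(status),
            "bytes": 0 if size == "-" else int(size),
            "raw_request": request, "irregular": odd}

# Constructed sample lines (not taken from any real log).
SAMPLES = [
    '192.0.2.10 - - [14/Jan/2003:11:40:01 -0800] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [14/Jan/2003:11:40:02 -0800] "GET /a b"c.html HTTP/1.0" 404 209',
    '192.0.2.12 - - [14/Jan/2003:11:40:03 -0800] "\\x16\\x03\\x01" 400 -',
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse(line)
        print(rec["irregular"], repr(rec["target"]), "| naive:", repr(naive_request(line)))
```

Lines flagged `irregular` keep their `raw_request` untouched, so they can be set aside for manual review instead of being silently mis-split.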
    


