Hi all,

As some eventually know, I am trying to create a framework on how to tackle diverse log sources in a generic way. I am doing research that will hopefully lead to a generic understanding of log data as a whole. Currently, I am trying to describe real-world **syslog** data in a generic sense. As of now, the paper has the following abstract (which may change during the course of time for obvious reasons):

###
This paper describes the "nature" of syslog data. It looks at how syslog data is structured and what are the syntaxes and semantics of the log data. The entities making up the log record are identified and defined. Syntaxes and semantics typically found are also described and defined. The intention of this paper is to provide a theoretical model describing the structure of real-world log data. With such a theoretical model, further work can be done to define a set of well-known log message properties which in turn can be used to build generic log analysis algorithms and tools. The theoretical model created in this paper should also enable the creation of log parsers that will parse individual log messages into a generic format.
###

Of course, the paper will be publicly available once finished.

Having said this, on to my request: I would appreciate it if the list members (you!) could send me a few lines of their actual syslog data. I am NOT asking for full log samples. Just a few lines of real-world data would be sufficient; more than a few lines will probably overwhelm me. Even a single line can do nicely. I am asking this because I would simply like to see how different vendors *format* messages. So I am not actually interested in a lot of sample data but merely in many different small samples of different formats. I would appreciate it if you could also let me know the software and version that produced the log record (and the syslogd that recorded it).

I would use this data to see if the principles I have observed (and will describe in my paper) actually apply to all samples I receive. If you need to sanitize your sample, please leave the format intact - everything else I do not care about. Most importantly, I will not run these samples through any automated process but will need to review them manually (thus a small amount is much better than a large one).

So, please, if you have some log data, send me (via private mail!!!) a few sample lines. I think this is quite effortless for most of you. I am not asking for complete, big samples - cut & paste from your log file will do very well with my request. I would appreciate it if I'd receive a lot of samples, as this will enable me to create a better paper.

Thanks,
Rainer

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Mar 11 2004 - 17:40:35 PST