Hi all,

I got a couple of private messages asking if I could send a compiled list
of the samples I received. So I think I'll post this: I intend to create a
public page that holds the samples, and that page will also serve as a
reference for my paper. So, yes, it will be publicly available. I just did
not receive any actual samples by now ;)

Rainer

> -----Original Message-----
> From: Rainer Gerhards
> Sent: Tuesday, March 09, 2004 11:33 AM
> To: loganalysis@private
> Subject: [logs] Log Samples Requested
>
> Hi all,
>
> As some eventually know, I am trying to create a framework on how to
> tackle diverse log sources in a generic way. I am doing research that
> will hopefully lead to a generic understanding of log data as a whole.
> Currently, I am trying to describe real-world **syslog** data in a
> generic sense. As of now, the paper has the following abstract (which
> may change during the course of time for obvious reasons):
>
> ###
> This paper describes the "nature" of syslog data. It looks at how syslog
> data is structured and what the syntaxes and semantics of the log data
> are. The entities making up the log record are identified and defined.
> Syntaxes and semantics typically found are also described and defined.
> The intention of this paper is to provide a theoretical model describing
> the structure of real-world log data. With such a theoretical model,
> further work can be done to define a set of well-known log message
> properties which in turn can be used to build generic log analysis
> algorithms and tools. The theoretical model created in this paper should
> also enable the creation of log parsers that will parse individual log
> messages into a generic format.
> ###
>
> Of course, the paper will be publicly available once finished.
>
> Having said this, on to my request: I would appreciate it if the list
> members (you!) could send me a few lines of their actual syslog data. I
> am NOT asking for full log samples. Just a few lines of real-world data
> would be sufficient; more than a few lines will probably overwhelm me.
> Even a single line can do nicely. I am asking this because I would
> simply like to see how different vendors *format* messages. So I am not
> actually interested in a lot of sample data but merely in many different
> small samples of different formats. I would appreciate it if you could
> also let me know the software and version that produced the log record
> (and the syslogd that recorded it). I would use this data to see if the
> principles I have observed (and will describe in my paper) actually
> apply to all samples I receive. If you need to sanitize your sample,
> please leave the format intact - everything else I do not care about.
> Most importantly, I will not run these samples through any automated
> process but will need to review them manually (thus a small amount is
> much better than a large one).
>
> So, please, if you have some log data, send me (via private mail!!!) a
> few sample lines. I think this is quite effortless for most of you. I am
> not asking for complete, big samples - cut & paste from your log file
> will do very well with my request.
>
> I would appreciate it if I received a lot of samples, as this will
> enable me to create a better paper.
>
> Thanks,
> Rainer
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
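As an added example (this is not code from the thread or from Rainer's paper), the following parser splits BSD-style syslog lines, the layout documented in RFC 3164, into the entities the abstract refers to: the priority (facility and severity), timestamp, host, tag/PID header and the free-form message. It also shows the caveat that matters when collecting samples from many vendors: when a line does not follow that layout (a router with its own timestamp style, for instance), the parser keeps the PRI if present and the raw line intact rather than guessing fields. The sample lines, the host names and the record field names are constructed for illustration, not samples received on the list.

```python
"""
Parse BSD/RFC 3164-style syslog lines into a generic record.
Added example; sample lines below are constructed, not real vendor data.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Facility names for PRI values 0..23 (RFC 3164 table), severity 0..7.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD layout: optional <PRI>, "Mmm dd hh:mm:ss", hostname, then an
# optional "tag[pid]:" header and the free-form message text.
BSD_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?)?"
    r"(?P<msg>.*)$"
)
# Fallback for lines that only share the leading <PRI> with the BSD layout.
PRI_ONLY_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$")


@dataclass
class SyslogRecord:
    raw: str
    parsed: bool                     # True only if the BSD layout matched
    facility: Optional[str] = None
    severity: Optional[str] = None
    timestamp: Optional[str] = None
    host: Optional[str] = None
    tag: Optional[str] = None
    pid: Optional[int] = None
    msg: str = ""


def decode_pri(pri: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
    """Split a PRI value into (facility, severity); PRI = facility*8 + severity."""
    if pri is None:
        return None, None
    value = int(pri)
    if value > 191:                  # local7.debug (23*8+7) is the largest legal PRI
        return None, None
    return FACILITIES[value >> 3], SEVERITIES[value & 7]


def parse_syslog(line: str) -> SyslogRecord:
    """Parse one line; never drop data, fall back to the raw body if unsure."""
    line = line.rstrip("\r\n")
    m = BSD_RE.match(line)
    if m:
        fac, sev = decode_pri(m.group("pri"))
        return SyslogRecord(
            raw=line, parsed=True, facility=fac, severity=sev,
            timestamp=m.group("ts"), host=m.group("host"), tag=m.group("tag"),
            pid=int(m.group("pid")) if m.group("pid") else None,
            msg=m.group("msg"),
        )
    m = PRI_ONLY_RE.match(line)
    if m:
        fac, sev = decode_pri(m.group("pri"))
        return SyslogRecord(raw=line, parsed=False, facility=fac,
                            severity=sev, msg=m.group("rest"))
    return SyslogRecord(raw=line, parsed=False, msg=line)


# Constructed samples: an sshd line with PRI, a syslogd "repeated" line as
# written to a file (no PRI, no tag), a router-style line that does not
# follow the BSD layout, and a daemon whose tag contains a slash.
SAMPLE_LINES = [
    "<38>Mar  9 11:33:01 gw1 sshd[2042]: Accepted publickey for rainer from 192.0.2.10 port 51022 ssh2",
    "Mar  9 11:33:02 gw1 last message repeated 3 times",
    "<189>37: *Mar  9 11:33:03.117: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.5)",
    "Mar 10 02:07:45 mail postfix/smtpd[881]: connect from unknown[198.51.100.7]",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        rec = parse_syslog(sample)
        print(f"parsed={rec.parsed} {rec.facility}.{rec.severity} host={rec.host} "
              f"tag={rec.tag} pid={rec.pid} msg={rec.msg!r}")
```

The `parsed` flag is the useful signal when reviewing samples from different vendors: lines it leaves at `False` are exactly the formats a generic model still has to account for, and nothing in them has been discarded.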
This archive was generated by hypermail 2b30 : Fri Mar 12 2004 - 10:35:02 PST