[logs] Paper on the nature of syslog data

From: Rainer Gerhards (rgerhards@private)
Date: Mon Mar 15 2004 - 02:08:58 PST


    Hi List,
    While my request for log samples did not yield many samples (even more
    thanks to those who sent some :)), it raised many points ... points I
    actually try to address in my paper.
    After some thinking, I guess it is the best idea to release the paper in
    the state it is currently in. Please note, however, that it may be total
    nonsense, useless or stating just well-known facts or whatever else
    that makes me look like the fool that I probably am ;) If you intend to
    use it, use it with care.
    Of course, I appreciate comments on that paper. And it may even make you
    send some really weird log samples that you think it cannot address (I
    think I already got at least one such sample - at least one that makes me
    think something is missing...).
    The paper is available here:
    I would also like to tell you *why* I have written it. I am of the firm
    belief that we can come to better log analysers if only we understand
    the nature of the log data better. Once we understand it better (and
    have it well defined), it is probably easier to transform it into a common
    format, a format that log analysers can then operate on.
    Please also note that the paper *just* talks about the *content* of log
    data. There is another dimension, the *arrival (or reception) rate* of
    log data. In my belief, this can also be used to draw conclusions, but
    that is an entirely different topic. I plan to do some work on this
    later and after that some work to combine both of those things... But let's
    focus on today's problems, today ;)