Hi,

This paper might be helpful - or it might contain already known things ;)

http://www.monitorware.com/en/workinprogress/nature-of-syslog-data.php

It outlines an approach to build a generic parser that can be used on a common logging (semantic) map. There is no open source implementation of it I am aware of, nor does it define a semantic map. Eventually, it might still turn out to be helpful ;)

Rainer

> -----Original Message-----
> From: loganalysis-bounces+rgerhards=hq.adiscon.com@private
> [mailto:loganalysis-bounces+rgerhards=hq.adiscon.com@private oo.com] On Behalf Of Ivan Ristic
> Sent: Thursday, February 24, 2005 11:43 AM
> To: loganalysis@private
> Subject: [logs] Event normalization standards?
>
>
> Hi,
>
> I'll be building a log collection and processing tool oriented mainly
> toward web applications. Since the underlying technology is the
> same regardless of the actual purpose, I am considering allowing for
> some sort of event normalization to be added later.
>
> I have been trying to find information on event normalization on the
> Web and in the mailing list archives without success. Finally
> I decided to ask the question here:
>
> Are there any event normalization standards or open implementations
> I should be aware of?
>
>
> PS. While I am here: I wrote several log analysis scripts for the
> logging chapter of my book. They are now available for download at
> http://www.apachesecurity.net. I am sure they will be of interest. The
> following scripts are related to logging:
>
> error_log_ai - artificial ignorance for web server logs
>
> logscan - handy script to make searching through web server
> logs easier
>
> mod_globalerror.c - Apache 2 module to duplicate the error log to
> a central location (when Apache is configured to
> split them into per-virtual host files).
>
> Any type of feedback is appreciated. Time permitting, I will continue
> to enhance these tools.
>
> Also (I don't know if it has been mentioned before), mod_security
> (Apache module) allows for full request body logging, which makes it
> handy to log the attacks that happen in POST bodies and such.
>
> --
> Ivan Ristic
> Apache Security (O'Reilly) - http://www.apachesecurity.net
> Open source web application firewall - http://www.modsecurity.org
>
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
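As an added illustration of the "generic parser onto a common semantic map" idea Rainer points at (my own example, not code from the paper, from Ivan's scripts, or from anyone on the list): two raw formats, an Apache error_log line and a BSD syslog line, are mapped onto one event dict with shared field names. The sample lines, the field names and the default year are constructed or assumed for the example.

```python
import re
from datetime import datetime
from typing import Optional

# Constructed sample input (not taken from the original message).
SAMPLE_LINES = [
    "[Thu Feb 24 11:43:02 2005] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/admin.php",
    "Feb 24 11:43:05 www1 sshd[4321]: Failed password for invalid user "
    "admin from 192.0.2.10 port 50122 ssh2",
    "this line matches no known format",
]

# Apache 1.3/2.0 error_log: [date] [level] [client ip] message
APACHE_ERROR_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[(?P<level>\w+)\] (?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)
# Classic BSD syslog line as written to a file: "Mon DD HH:MM:SS host tag[pid]: msg"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
IPV4_FROM_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def normalize(line: str, year: int = 2005) -> Optional[dict]:
    """Map one raw line onto the common event map (assumed field names).
    Returns None when no parser recognises the line, so the caller can
    count unparsed input instead of silently dropping it."""
    m = APACHE_ERROR_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        return {"time": ts.isoformat(), "host": None, "source": "apache",
                "severity": m["level"].lower(), "client": m["client"],
                "message": m["msg"]}
    m = SYSLOG_RE.match(line)
    if m:
        # BSD syslog files carry no year; the caller supplies it.
        ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
        ip = IPV4_FROM_RE.search(m["msg"])
        return {"time": ts.isoformat(), "host": m["host"],
                "source": m["tag"].strip(), "severity": None,
                "client": ip.group(1) if ip else None, "message": m["msg"]}
    return None


def normalize_all(lines):
    """Return (events, unparsed_count) for a batch of raw lines."""
    events = [normalize(l) for l in lines]
    return [e for e in events if e], sum(e is None for e in events)
```

Both inputs end up with the same "client" and "time" keys, which is what lets one later query (say, everything from 192.0.2.10 within a minute) run across sources that never shared a format.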
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 16:54:34 PST