[logs] regexless parsing, again?
Christina Noren
cfrln at cfrln.com
Fri Sep 14 15:40:04 PDT 2007
why do you care which vendor created the web access log if it's the
same format?
and why on earth would you build a system that accepts syslog input
without recording and being able to use the originating host's IP in
other logic?
On Sep 14, 2007, at 2:41 PM, Kinsley, Michael wrote:
> Consider the following:
> - You are receiving Web access logs from 2 different boxes (they
> stream to us over syslog)
> - Each server is from a different vendor.
> *These happen to be vendors that both said: "Hey, we
> will follow the W3C standard for our access logs".
>
> Can you devise a regular expression that can discriminate between
> vendor x logs and vendor y?
>
> Answer: Not without hard coding an IP Address or host name... and then
> we would need to store this "Meta-Information" somewhere else... and
> then we need a procedural language to go map and sort these results.
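The reply's point about recording the originating host's IP, as an added example that is not part of the original thread or any poster's code: a collector attaches the datagram's sender address to each event before parsing, then uses it to pick that sender's W3C `#Fields:` layout. The addresses, vendor labels and function names are assumptions made for illustration.

```python
import re
import socket

# Constructed inventory: collector-side metadata keyed by sender address.
# Addresses (RFC 5737 documentation ranges) and vendor labels are assumptions.
SOURCES = {
    "192.0.2.10": {"vendor": "vendor_x", "fields": None},
    "192.0.2.20": {"vendor": "vendor_y", "fields": None},
}

# Optional RFC 3164-style header: <PRI>Mmm dd hh:mm:ss host tag:
HEADER = re.compile(
    r"^<\d{1,3}>(?:\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ (?:[\w./-]+(?:\[\d+\])?: )?)?"
)

def tag_event(peer_ip, datagram, sources=SOURCES):
    """Attach the datagram's origin to the event before any parsing."""
    text = datagram.decode("utf-8", "replace").rstrip("\r\n")
    payload = HEADER.sub("", text, count=1)
    src = sources.get(peer_ip)
    event = {"source_ip": peer_ip,
             "vendor": src["vendor"] if src else "unknown",
             "payload": payload, "fields": None}
    if src is None:
        return event  # keep the event, flagged unknown, rather than guess
    if payload.startswith("#Fields:"):
        # W3C extended-format directive: remember this sender's column layout
        src["fields"] = payload[len("#Fields:"):].split()
    elif src["fields"] and not payload.startswith("#"):
        values = payload.split()
        if len(values) == len(src["fields"]):
            event["fields"] = dict(zip(src["fields"], values))
    return event

def receive_one(sock):
    """Read one syslog datagram; recvfrom() supplies the sender's address."""
    datagram, (peer_ip, _port) = sock.recvfrom(8192)
    return tag_event(peer_ip, datagram)
```

The peer address identifies the last hop only: behind a syslog relay it is the relay's address, and plain UDP source addresses are unauthenticated.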