[logs] regexless parsing, again?
Anton Chuvakin
anton at chuvakin.org
Mon Sep 24 15:30:30 PDT 2007
BTW, here is a patent for log management, which (among other things)
"explains" how to "parse" unknown logs, apparently with no manually
written regexes in sight...
http://www.freshpatents.com/System-and-method-for-analysis-and-management-of-logs-and-events-dt20060817ptan20060184529.php?type=description
"[0031] Another preferred embodiment of the present invention
describes a method for parsing log data with undefined grammar. The
method comprises the following steps: a) storing more than one pattern
object record of different grammar types, b) receiving at least a
portion of raw log data input from at least one computerized system,
c) identifying the delimiter of the portion of raw log data's grammar,
d) using the delimiter for generating a new pattern object
representing the grammar type of the log data, the new pattern object
comprising a list of terms, and e) storing the new pattern object."
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
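An added illustration of steps a) to e) as quoted above; this is not code from the patent or from the poster. It infers a per-line delimiter without any regex, types the resulting terms, and stores the pattern object; the candidate delimiters, the term types and the sample log lines are assumptions constructed for the example.

```python
from typing import Dict, List, Tuple

# Candidate field delimiters, in tie-break order (assumption: the patent lists none).
CANDIDATES = ["\t", "|", ";", ","]

# A pattern object: the delimiter plus the list of term types it produced.
Pattern = Tuple[str, Tuple[str, ...]]

def identify_delimiter(line: str) -> str:
    """Step c): the candidate that occurs most often (at least twice); else whitespace."""
    best, best_count = " ", 1
    for d in CANDIDATES:
        n = line.count(d)
        if n > best_count:
            best, best_count = d, n
    return best

def term_type(term: str) -> str:
    """Classify one term using string methods only, no regular expressions."""
    octets = term.split(".")
    if len(octets) == 4 and all(o.isdigit() and int(o) < 256 for o in octets):
        return "ipv4"
    if term.isdigit():
        return "int"
    return "text"

def build_pattern(line: str) -> Pattern:
    """Step d): derive a pattern object from one raw line of unknown grammar."""
    delim = identify_delimiter(line)
    terms = line.split() if delim == " " else line.split(delim)
    return delim, tuple(term_type(t.strip()) for t in terms)

def learn_patterns(lines: List[str]) -> Dict[Pattern, int]:
    """Steps a) and e): store each new pattern object; count lines matching a stored one."""
    store: Dict[Pattern, int] = {}
    for line in lines:
        p = build_pattern(line)
        store[p] = store.get(p, 0) + 1
    return store

# Constructed sample lines in three different, undeclared grammars.
SAMPLE_LOGS = [
    "2007-09-24 15:30:30,host1,sshd,Accepted password for alice from 10.0.0.5",
    "2007-09-24 15:31:02,host1,sshd,Failed password for bob from 10.0.0.9",
    "1190673200|fw1|DENY|10.0.0.7|443",
    "1190673205|fw1|ALLOW|10.0.0.8|22",
    "Sep 24 15:32:10 host2 kernel: eth0: link up",
]

if __name__ == "__main__":
    for (delim, types), count in learn_patterns(SAMPLE_LOGS).items():
        print(count, repr(delim), types)
```

A term that itself contains the inferred delimiter (a free-text field with a comma in it) yields a different pattern object than its sibling lines, so learned patterns need a review step before a detection rule is built on their field positions.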
More information about the LogAnalysis mailing list