[logs] regexless parsing, again?
Bill Scherr IV
bschnzl at cotse.net
Mon Sep 24 16:03:22 PDT 2007
Ummm...
How is a "pattern" different from a "regex"???
B.
Circa 15:30, 24 Sep 2007, a note, claiming source Anton Chuvakin <anton at chuvakin.org>, was sent to
me:
Date sent: Mon, 24 Sep 2007 15:30:30 -0700
From: "Anton Chuvakin" <anton at chuvakin.org>
To: loganalysis at loganalysis.org
Subject: Re: [logs] regexless parsing, again?
> BTW, here is a patent for log management, which (among other things)
> "explains" how to "parse" unknown logs, apparently with no manually
> written regexes in sight...
>
> http://www.freshpatents.com/System-and-method-for-analysis-and-management-of-logs-and-events-dt20060817ptan20060184529.php?type=description
>
> "[0031] Another preferred embodiment of the present invention
> describes a method for parsing log data with undefined grammar. The
> method comprises the following steps: a) storing more than one pattern
> object record of different grammar types, b) receiving at least a
> portion of raw log data input from at least one computerized system,
> c) identifying the delimiter of the portion of raw log data's grammar,
> d) using the delimiter for generating a new pattern object
> representing the grammar type of the log data, the new pattern object
> comprising a list of terms, and e) storing the new pattern object."
>
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.info-secure.org
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
Bill Scherr IV, GSEC, GCIA
Principal Security Engineer
EWA Information and Infrastructure Technologies
bscherr at iit-tek.com
bscherr at ewa.com
703-478-7608
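
One possible reading of steps a) to e) of the patent paragraph quoted in this thread, as an added example that is not code from the patent or from either poster: the delimiter is inferred from the raw lines, a pattern object (delimiter plus list of terms) is generated and stored, and later lines are matched against the store with no hand-written regex. The candidate delimiter list, the INT/IP/WORD term types, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

CANDIDATES = ["|", ",", ";", "\t", " "]  # assumed delimiter candidates

def classify(value):
    """Type one field with no hand-written regex (type names are assumptions)."""
    if value.isdigit():
        return "INT"
    try:
        ipaddress.ip_address(value)
        return "IP"
    except ValueError:
        return "WORD"

def identify_delimiter(lines):
    """Step c: candidate found in every line, with the most consistent count."""
    scored = []
    for d in CANDIDATES:
        modal, freq = Counter(ln.count(d) for ln in lines).most_common(1)[0]
        if all(d in ln for ln in lines):
            scored.append((freq / len(lines), modal, d))
    if not scored:
        raise ValueError("no common delimiter found")
    return max(scored)[2]

def learn_pattern(lines):
    """Step d: build the pattern object, a delimiter plus a list of terms."""
    d = identify_delimiter(lines)
    terms = []
    for col in zip(*(ln.split(d) for ln in lines)):
        types = {classify(v) for v in col}
        terms.append(types.pop() if len(types) == 1 else "WORD")
    return {"delimiter": d, "terms": terms}

def parse(line, store):
    """Return (term, value) pairs from the first stored pattern that fits, else None."""
    for p in store:
        fields = line.split(p["delimiter"])
        fits = (t == "WORD" or classify(f) == t for f, t in zip(fields, p["terms"]))
        if len(fields) == len(p["terms"]) and all(fits):
            return list(zip(p["terms"], fields))
    return None

# Constructed sample lines in two formats; learning and storing covers steps a and e
FW = ["2007-09-24 15:30:30|fw01|DENY|10.0.0.5|445",
      "2007-09-24 15:30:31|fw01|ALLOW|10.0.0.9|80",
      "2007-09-24 15:30:35|fw02|DENY|192.168.1.7|22"]
PROXY = ["10.0.0.5,GET,200,5120", "10.0.0.9,POST,403,312"]
STORE = [learn_pattern(FW), learn_pattern(PROXY)]
```

A line that fits no stored pattern returns `None`, which is the point at which a new pattern object would be learned from it.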