[logs] regexless parsing, again?
Eric Fitzgerald
Eric.Fitzgerald at microsoft.com
Thu Sep 27 09:41:44 PDT 2007
The terms "obvious" and "prior art" come to mind.
Here's an IEEE paper dating 2 years prior to the patent application detailing a method for automated identification of delimiters in unknown file formats:
http://ieeexplore.ieee.org/iel5/8854/27998/01250920.pdf?code=2
I'm sure spending time for more than one web search would yield even closer results.
-----Original Message-----
From: loganalysis-bounces at loganalysis.org [mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Anton Chuvakin
Sent: Monday, September 24, 2007 3:31 PM
To: loganalysis at loganalysis.org
Subject: Re: [logs] regexless parsing, again?
BTW, here is a patent for log management, which (among other things)
"explains" how to "parse" unknown logs, apparently with no manually
written regexes in sight...
http://www.freshpatents.com/System-and-method-for-analysis-and-management-of-logs-and-events-dt20060817ptan20060184529.php?type=description
"[0031] Another preferred embodiment of the present invention
describes a method for parsing log data with undefined grammar. The
method comprises the following steps: a) storing more than one pattern
object record of different grammar types, b) receiving at least a
portion of raw log data input from at least one computerized system,
c) identifying the delimiter of the portion of raw log data's grammar,
d) using the delimiter for generating a new pattern object
representing the grammar type of the log data, the new pattern object
comprising a list of terms, and e) storing the new pattern object."
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
_______________________________________________
LogAnalysis mailing list
LogAnalysis at loganalysis.org
http://www.loganalysis.org/mailman/listinfo/loganalysis
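Added example (not part of either message, and not the method of the patent or of the IEEE paper): a small sketch of steps (c) through (e) of the quoted paragraph, inferring a delimiter from raw records and deriving a per-field term list from it. The candidate delimiter set, the `<INT>`/`<STR>` placeholders, the function names and the sample records are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Candidate delimiters are an assumption of this sketch, not taken from the patent text.
CANDIDATES = ["|", "\t", ",", ";", " "]

def infer_delimiter(lines):
    """Return the candidate present in every line whose per-line count varies least."""
    best, best_score = None, None
    for delim in CANDIDATES:
        counts = [line.count(delim) for line in lines]
        if not counts or min(counts) == 0:
            continue  # a field separator must occur in every record
        # Lower relative spread wins; ties go to the delimiter yielding more fields.
        score = (pstdev(counts) / mean(counts), -mean(counts))
        if best_score is None or score < best_score:
            best, best_score = delim, score
    return best

def build_pattern(lines, delim):
    """Build a 'pattern object': the delimiter plus one term per field position."""
    rows = [line.split(delim) for line in lines]
    terms = []
    for column in zip(*rows):  # zip stops at the shortest row
        values = set(column)
        if len(values) == 1:
            terms.append(column[0])  # constant token, kept literally
        elif all(v.isdigit() for v in values):
            terms.append("<INT>")
        else:
            terms.append("<STR>")
    return {"delimiter": delim, "terms": terms}

def learn(lines, store):
    """Infer a pattern for `lines` and add it to `store` if it is new."""
    delim = infer_delimiter(lines)
    if delim is None:
        return None  # no consistent delimiter: leave the input unparsed
    pattern = build_pattern(lines, delim)
    if pattern not in store:
        store.append(pattern)
    return pattern

# Constructed sample records (not real log data).
SAMPLE = [
    "2007-09-24 15:31:02|fw01|DENY|10.0.0.5|443|blocked by policy 12",
    "2007-09-24 15:31:07|fw01|ALLOW|10.0.0.9|80|ok",
    "2007-09-24 15:32:11|fw01|DENY|10.0.0.5|53|blocked by default rule",
]

if __name__ == "__main__":
    print(learn(SAMPLE, []))
```

The space character appears in every sample record too, but its count differs from line to line, which is why the consistency score rejects it in favour of the pipe.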