[logs] ugliest application logs ever?
David Corlette
DCorlette at novell.com
Thu Jan 24 06:18:48 PST 2008
Hi all,
Quite frankly, your ugly logs are all amateur attempts at ugly logs ;-) HERE is the ugliest log of all time:
Sep 27 22:09:47 sles10sp1oes oesaudit: type=SYSCALL msg=audit(09/27/07 22:09:45.683:318) : arch=i386 syscall=open success=yes exit=3 a0=80e3f08 a1=18800 a2=10 a3=80e3f08 items=1 ppid=12894 pid=12899 auid=unknown(4294967295) uid=user1 gid=admingroup euid=user1 suid=user1 fsuid=user1 egid=admingroup sgid=admingroup fsgid=admingroup tty=pts2 comm=bash exe=/bin/bash subj=unconstrained key=(null)
Sep 27 22:09:47 sles10sp1oes oesaudit: type=CWD msg=audit(09/27/07 22:09:45.683:318) : cwd=/home/user1
Sep 27 22:09:47 sles10sp1oes oesaudit: type=PATH msg=audit(09/27/07 22:09:45.683:318) : item=0 name=. inode=120549 dev=03:02 mode=dir,755 ouid=user1 ogid=admingroup rdev=00:00
Sep 27 22:09:47 sles10sp1oes oesaudit: ----
This is "File open" under OES2 (the Linux Auditing Framework).
>>> On Wed, Jan 23, 2008 at 9:14 PM, in message
<b2591e2e0801231814l46dd8c3eqd083549ab0ec2360 at mail.gmail.com>, "Anton Chuvakin"
<anton at chuvakin.org> wrote:
> All,
>
> Ah, long time - no post! :-)
>
> I wanted to turn this into a formal contest but figured I'd poll the
> list first: what are the ugliest, most useless application logs that
> you've seen? Logs that defy log analysis, that are full of numeric
> codes not explained anywhere? Logs that don't say what they mean (and
> vice versa)? Logs that omit the most critical piece of info?
>
> Here is my example:
>
> |22:22:32|BTC| 7|000|DDIC | |R49|Communication error, CPIC
> return code 020, <application> return code 456
>
> Why it sux: numeric codes (twice), ambiguous language, no sense of
> priority, etc.
>
> More?
>
> Best,
More information about the LogAnalysis
mailing list