[logs] ugliest application logs ever?

Andrew Hay andrewsmhay at gmail.com
Thu Jan 24 13:29:44 PST 2008


I'm with Anton. I'm a big fan of name value pairs because they're clean and
easy to interpret. I also prefer tab delimiters because it's esthetically
pleasing :)

On 24/01/2008, Jason Lewis <jlewis at packetnexus.com> wrote:
>
> I don't know about ugly, but logs that are difficult to parse suck.
>
> Netscreen:
> messages:Dec 17 09:35:27 10.14.93.7 ns5xp: NetScreen device_id=ns5xp
> system-notification-00257(traffic): start_time="2002-12-17 09:40:18"
> duration=4 policy_id=0 service=tcp/port:8000 proto
> =6 src zone=Trust dst zone=Untrust action=Permit sent=715 rcvd=6561
> src=10.14.94.221 dst=10.14.90.217 src_port=1039 dst_port=8000 translated
> ip=10.14.93.7 port=1217
> messages:Dec 17 09:35:27 10.14.93.7 ns5xp: NetScreen device_id=ns5xp
> system-notification-00257(traffic): start_time="2002-12-17 09:40:18"
> duration=4 policy_id=0 service=tcp/port:8000 proto
> =6 src zone=Trust dst zone=Untrust action=Permit sent=651 rcvd=2782
> src=10.14.94.221 dst=10.14.90.217 src_port=1040 dst_port=8000 translated
> ip=10.14.93.7 port=1218
>
> There isn't a good delimiter to break the log up, so it requires a
> custom regex.  Trying to use a space is a nightmare.  Give me something
> so I can quickly grab only what I need. I like pipe delimited.
>
> jas
>
>
> Anton Chuvakin wrote:
> > All,
> >
> > Ah, long time - no post! :-)
> >
> > I wanted to turn this into a formal contest but figured I'd poll the
> > list first: what are the ugliest, most useless application logs that
> > you've seen? Logs that defy log analysis, that are full of numeric
> > codes not explained anywhere? Logs that don't say what they mean (and
> > vice versa)? Logs that omit the most critical piece of info?
> >
> > Here is my example:
> >
> > |22:22:32|BTC| 7|000|DDIC        |    |R49|Communication error, CPIC
> > return code 020, <application> return code 456
> >
> > Why it sux: numeric codes (twice), ambiguous language, no sense of
> > priority, etc.
> >
> > More?
> >
> > Best,
> >
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>



-- 
Andrew Hay
blog: http://www.andrewhay.ca
email: andrewsmhay || at || gmail.com
LinkedIn Profile: http://www.linkedin.com/in/andrewhay
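
Added example, not part of the original thread: a Python sketch of why splitting the quoted NetScreen line on spaces fails and what the "custom regex" has to handle (a quoted value containing a space, and keys such as "src zone" that contain a space). The sample line is reconstructed from the wrapped text quoted above, and the list of multi-word keys is an assumption drawn from that one line.

```python
import re

# Constructed sample: the first NetScreen line quoted in the thread, re-joined
# onto one line. Assumes the "proto" / "=6" break is e-mail wrapping and drops
# the leading "messages:" prefix.
SAMPLE = (
    'Dec 17 09:35:27 10.14.93.7 ns5xp: NetScreen device_id=ns5xp '
    'system-notification-00257(traffic): start_time="2002-12-17 09:40:18" '
    'duration=4 policy_id=0 service=tcp/port:8000 proto=6 '
    'src zone=Trust dst zone=Untrust action=Permit sent=715 rcvd=6561 '
    'src=10.14.94.221 dst=10.14.90.217 src_port=1039 dst_port=8000 '
    'translated ip=10.14.93.7 port=1217'
)

# Keys that contain a space in the sample; every other key is a single token.
MULTI_WORD_KEYS = ("src zone", "dst zone", "translated ip")

PAIR_RE = re.compile(
    r'(?<!\S)(?P<key>'
    + "|".join(re.escape(k) for k in MULTI_WORD_KEYS)
    + r'|[\w-]+)=(?P<value>"[^"]*"|\S*)'
)


def naive_split(line):
    """Split on spaces, then on '=': loses quoted values and two-word keys."""
    fields = {}
    for token in line.split(" "):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def parse_pairs(line):
    """Extract key=value pairs, honouring quoted values and two-word keys."""
    return {m.group("key"): m.group("value").strip('"')
            for m in PAIR_RE.finditer(line)}


if __name__ == "__main__":
    print("naive :", naive_split(SAMPLE))
    print("regex :", parse_pairs(SAMPLE))
```

With the naive split, the source and destination zones collapse into a single "zone" key and the timestamp is cut at its embedded space; the regex version keeps all 17 pairs.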