[logs] ugliest application logs ever?
Daniel Cid
dcid at ossec.net
Thu Jan 24 14:13:35 PST 2008
Oh no, the "last message repeated n times" is the worse one for sure! I ranted
about it in my blog a while back:
http://www.ossec.net/dcid/?p=119
As for fun logs, these I some I had the pleasure to encounter:
Aug 11 09:11:19 xx MSM-B HAS TAKEN OVER AS THE MASTER
Aug 11 09:11:19 xx Free Entry Not Available
Aug 11 09:11:19 xx null pif ? exit! 0
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 1/24/08, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> > > "Last message repeated" is always good, but oh, this is SO mine to
> win! ;)
>
> Actually, IMHO, the "Last message repeated n times" is not as bad as it
> sounds. It means that message immediately in front of it must be
> repeated n times when you run an analysis. Of course, you loose the
> timestamp of those previous n messages, but everything else is inact
> (else you wouldn't get that "repeated" message...).
>
> Some folks really like this message because it keeps their logs clean of
> repeated stuff (and it may save a lot of space if somtehing runs wild).
>
> Of course, there are many cases where the repeat logic does not make
> much sense. There are even cases where it makes no sense at all with a
> given output. Thus, with rsyslog ( http://www.rsyslog.com ), three is a
> simple -e (every) option that turns off this feature. Some outputs also
> disable it (for them) automatically, because they can not work well
> enough with that feature (I think the database writer turns it off, but
> I need to look that up...
>
> Well... Not an answer to the original question. Maybe my mumbling can be
> added to the useless message case ;)
>
> Rainer
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>
More information about the LogAnalysis
mailing list