So, I must extract hundreds of patterns manually. :(
Not really hundreds, try tens of thousands. If you sit and watch a busy syslog server for, say, 5 years, some say you'd see a few thousand or more unique messages. Personally, I have not tried it, but I trust the source.
Regards
--- On Fri, 13/8/10, Anton Chuvakin <anton@chuvakin.org> wrote:
From: Anton Chuvakin <anton@chuvakin.org>
Subject: Re: [syslog-ng] Pattern extraction
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>
Date: Friday, 13 August, 2010, 7:18 PM
I don't know how I can extract patterns from logs. Must I check every log type separately, use pattern recognition methods, or use a pattern database (if one exists for all applications and devices)?
Well, this is not just you - it is "you and the rest of the world." The standard way is pretty much to manually (or with tools - but still mostly manually) write regular expressions for every distinct log message type.
--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Consulting: http://www.securitywarriorconsulting.com
Twitter: @anton_chuvakin
Google Voice: +1-510-771-7106
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
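As an added, illustrative example (not code from this thread, from Anton, or from the syslog-ng project), here is a small Python script that does what Anton describes, one hand-written regex per message type, and then clusters the lines none of those regexes matched into rough templates, which is a quick way to see how many distinct message types are still waiting for a pattern. The BSD syslog header layout, the two sshd patterns, the placeholder tokens and the sample log lines are all assumptions constructed for this post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not real logs) in BSD syslog format, standing in
# for a busy server: a few message types, each with varying fields.
SAMPLE_LOGS = [
    "Aug 13 19:18:01 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Aug 13 19:18:02 host1 sshd[1240]: Accepted publickey for bob from 10.0.0.6 port 51240 ssh2",
    "Aug 13 19:18:03 host2 sshd[9981]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2",
    "Aug 13 19:18:04 host2 sshd[9982]: Failed password for root from 192.0.2.11 port 40002 ssh2",
    "Aug 13 19:18:05 host1 kernel: [12345.678] eth0: link up",
    "Aug 13 19:18:06 host3 su[2001]: Successful su for root by alice",
    "Aug 13 19:18:07 host3 sshd[9983]: Failed password for invalid user test from 192.0.2.12 port 40003 ssh2",
]

# Assumed header layout: "Mon DD HH:MM:SS host prog[pid]: message" (BSD syslog).
SYSLOG_HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# The "manual" approach: one hand-written regex per message type you care about.
# These two are hypothetical examples written for this post, not from any pattern database.
MESSAGE_PATTERNS = {
    "ssh_login_ok": re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+) ssh2$"
    ),
    "ssh_login_fail": re.compile(
        r"^Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
        r"from (?P<src>\S+) port (?P<port>\d+) ssh2$"
    ),
}

# Tokens that are almost always variable fields; masking them is the cheap first step.
VARIABLE_TOKENS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+(?:\.\d+)?\b"), "<NUM>"),
]


def parse_header(line):
    """Split a BSD syslog line into header fields plus the free-text message; None if it does not fit."""
    m = SYSLOG_HEADER.match(line)
    return m.groupdict() if m else None


def classify(line):
    """Apply the hand-written patterns; lines no pattern matches come back as 'unclassified'."""
    rec = parse_header(line)
    if rec is None:
        return None
    for name, rx in MESSAGE_PATTERNS.items():
        m = rx.match(rec["msg"])
        if m:
            return {"class": name, **rec, **m.groupdict()}
    return {"class": "unclassified", **rec}


def mask_variables(msg):
    """Replace IPs, hex values and numbers with placeholders so one message type tends to one template."""
    for rx, placeholder in VARIABLE_TOKENS:
        msg = rx.sub(placeholder, msg)
    return msg


def discover_templates(lines):
    """Cluster messages by (program, token count, first token) and blank out the positions that vary."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_header(line)
        if rec is None:
            continue
        tokens = mask_variables(rec["msg"]).split()
        if not tokens:
            continue
        groups[(rec["prog"], len(tokens), tokens[0])].append(tokens)
    templates = Counter()
    for (prog, _, _), members in groups.items():
        merged = [col[0] if len(set(col)) == 1 else "<*>" for col in zip(*members)]
        templates[prog + ": " + " ".join(merged)] += len(members)
    return templates


def coverage_report(lines):
    """Count lines the hand-written patterns cover, and template the ones they miss."""
    matched, leftovers = 0, []
    for line in lines:
        rec = classify(line)
        if rec is not None and rec["class"] != "unclassified":
            matched += 1
        else:
            leftovers.append(line)
    return matched, discover_templates(leftovers)


if __name__ == "__main__":
    matched, todo = coverage_report(SAMPLE_LOGS)
    print(f"{matched}/{len(SAMPLE_LOGS)} lines matched a hand-written pattern")
    for tmpl, n in todo.most_common():
        print(f"{n:4d}  {tmpl}")
```

The workflow this supports is iterative: write regexes for the message types you know, run the report, and the leftover templates (sorted by frequency) are the next ones worth writing. The clustering is deliberately crude. Because it keys on program, token count and first word, a message type with an optional phrase (the "invalid user" variant of "Failed password" above) shows up as two templates, and free-text fields such as usernames are only collapsed when the cluster has more than one member. That is why the output is a to-do list for a human, not a finished pattern database, which is Anton's point.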