[syslog-ng] Pattern extraction

Anton Chuvakin anton at chuvakin.org
Sat Aug 14 03:00:26 CEST 2010


> So, I must extract hundreds of pattern manually. :(

Not really hundreds, try tens of thousands. If you sit and watch a
busy syslog server for, say, 5 years, some say you'd see a few
thousand or more unique messages. Personally, I have not tried it,
but I trust the source.


> Regards
>
> --- On Fri, 13/8/10, Anton Chuvakin <anton at chuvakin.org> wrote:
>
> From: Anton Chuvakin <anton at chuvakin.org>
> Subject: Re: [syslog-ng] Pattern extraction
> To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> Date: Friday, 13 August, 2010, 7:18 PM
>
> > I don't know how I can extract patterns from logs. Must I check every log type separately, use pattern recognition methods, or use
> > a pattern database (if one exists for all applications and devices)?
>
> Well, this is not just you - it is "you and the rest of the world."
> The standard way is pretty much to manually (or with tools - but still
> mostly manually) write regular expressions for every distinct log
> message type.
>
> --
> Dr. Anton Chuvakin
> Site: http://www.chuvakin.org
> Blog: http://www.securitywarrior.org
> LinkedIn: http://www.linkedin.com/in/chuvakin
> Consulting: http://www.securitywarriorconsulting.com
> Twitter: @anton_chuvakin
> Google Voice: +1-510-771-7106
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html

--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Consulting: http://www.securitywarriorconsulting.com
Twitter: @anton_chuvakin
Google Voice: +1-510-771-7106
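Neither mail shows any code, so here is an added illustration (mine, not from the thread or from syslog-ng) of the first pass of the manual job Anton describes: mask the obviously variable fields so identical message types collapse, then fold templates that differ in a single token, which gives a rough count of how many distinct patterns a log actually contains before anyone writes a regex by hand. The sample lines are constructed, and the @IPv4@/@NUMBER@/@STRING@ placeholder names are my own, not patterndb's.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); real input is a syslog file.
SAMPLE_LOGS = """\
Aug 13 19:18:01 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Aug 13 19:18:07 host1 sshd[1240]: Accepted publickey for bob from 10.0.0.9 port 40211 ssh2
Aug 13 19:19:44 host2 sshd[2201]: Failed password for invalid user admin from 192.0.2.77 port 3301 ssh2
Aug 13 19:20:02 host2 sshd[2207]: Failed password for invalid user test from 192.0.2.78 port 3312 ssh2
Aug 13 19:21:13 host1 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
Aug 13 19:22:13 host1 CRON[1311]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

# BSD-style syslog header: timestamp, host, program[pid]: free-text message
HEADER = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
MASKS = [(re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "@IPv4@"),  # IPv4 first so octets survive
         (re.compile(r"\b\d+\b"), "@NUMBER@")]

def template_of(msg):
    """Mask the obviously variable fields; the constant words left over are the pattern."""
    for rx, tag in MASKS:
        msg = rx.sub(tag, msg)
    return msg

def count_templates(lines):
    """(program, masked template) -> occurrences; lines that do not parse are skipped."""
    matches = (HEADER.match(line) for line in lines)
    return Counter((m["prog"], template_of(m["msg"])) for m in matches if m)

def merge_one_token(templates):
    """Fold equal-length templates differing in exactly one token (e.g. a username) into
    one with @STRING@ in that slot; repeats until nothing more folds."""
    pool = sorted(set(templates))
    i = 0
    while i < len(pool):
        ta = pool[i].split()
        for j in range(i + 1, len(pool)):
            tb = pool[j].split()
            diff = [k for k, (x, y) in enumerate(zip(ta, tb)) if x != y]
            if len(ta) == len(tb) and len(diff) == 1:
                ta[diff[0]] = "@STRING@"
                pool[i] = " ".join(ta)   # keep the folded template, drop the other
                del pool[j]
                break
        else:
            i += 1                       # nothing folded into pool[i]; move on
    return sorted(set(pool))

if __name__ == "__main__":
    for t in merge_one_token(t for _, t in count_templates(SAMPLE_LOGS)):
        print(t)
```

On real data the folding step is deliberately naive: it will also fold two genuinely different message types that happen to differ in one word, so its output is a starting list to review, not a finished pattern database.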