[Dshield] Log parsing tools

Pete Cap peteoutside at yahoo.com
Wed Nov 14 10:15:22 GMT 2007


Hello all,
   
  Can I get some recommendations for parsing out different log formats?
   
  In the past I've worked from solution documentation to write perl scripts that can parse out interesting information into a relational structure.  So I have a great script for, say, Apache logs, but I'd rather not write another one for IIS; I have one for the MySQL server, but not one for the Oracle server.  And so on and so forth.
   
  I've tried using Sawmill in the past, but never had any success with it; I think at the time we were trying to analyze about 50g of Raptor logs, and while Sawmill claimed to be able to do this, it apparently tried to interpret them as some kind of web logs.  I wound up parsing it out with perl and using mysql to store/fetch data for apriori-style mining, which worked, but took up valuable time.
   
  Hopefully someone has a better idea :)

Best regards,
  Pete
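The approach Pete describes, one script per format feeding a relational store, can be collapsed into a single dispatching parser that normalizes several formats into one table. The block below is an added example, not code from the original post or from any tool named in it; it is written in Python rather than Perl so it can be run as-is. It handles Apache "combined" lines and IIS W3C extended lines (column order taken from the `#Fields:` header), skips malformed lines instead of misaligning columns, and loads everything into an in-memory SQLite table so that one query can be run across both sources. The log lines, IP addresses and paths are constructed for the example.

```python
"""Normalize Apache combined and IIS W3C extended logs into one relational table.

Added example (not from the original post). The sample log lines below are
constructed for this example, not real traffic.
"""
import re
import sqlite3
from datetime import datetime, timezone

# Apache "combined" format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?$'
)

# IIS W3C field names mapped onto the normalized column names used below.
IIS_FIELDS = {
    "c-ip": "client_ip", "cs-method": "method", "cs-uri-stem": "path",
    "sc-status": "status", "sc-bytes": "bytes", "cs(User-Agent)": "user_agent",
}
COLUMNS = ("source", "ts", "client_ip", "method", "path", "status", "bytes", "user_agent")

# Constructed sample input (hypothetical hosts and paths).
APACHE_SAMPLE = [
    '192.0.2.10 - - [14/Nov/2007:10:15:22 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Nov/2007:10:15:23 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "curl/7.16"',
    '198.51.100.7 - - [14/Nov/2007:10:15:24 +0000] "GET /private/ HTTP/1.1" 403 - "-" "curl/7.16"',
    "this line is garbage and will be skipped",
]
IIS_SAMPLE = [
    "#Software: Microsoft Internet Information Services 6.0",
    "#Version: 1.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs(User-Agent)",
    "2007-11-14 10:16:01 192.0.2.10 GET /default.htm - 200 1234 Mozilla/4.0+(compatible;+MSIE+6.0)",
    "2007-11-14 10:16:02 198.51.100.7 GET /admin/login.asp - 404 0 curl/7.16",
]


def parse_apache(line):
    """Return a normalized record for one Apache combined-log line, or None if it does not match."""
    m = APACHE_RE.match(line.strip())
    if not m:
        return None
    # Apache stamps local time with an offset; normalize to UTC so both sources sort together.
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {
        "source": "apache",
        "ts": ts.strftime("%Y-%m-%d %H:%M:%S"),
        "client_ip": m.group("ip"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
        "bytes": None if m.group("bytes") == "-" else int(m.group("bytes")),
        "user_agent": m.group("ua"),
    }


def parse_iis(lines):
    """Yield normalized records from IIS W3C extended lines; the #Fields header drives the column map."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields header
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        raw = dict(zip(fields, values))
        rec = {"source": "iis", "ts": f"{raw.get('date')} {raw.get('time')}"}  # W3C time is already UTC
        for w3c, col in IIS_FIELDS.items():
            v = raw.get(w3c)
            if v is None or v == "-":
                rec[col] = None
            elif col in ("status", "bytes"):
                rec[col] = int(v)
            elif col == "user_agent":
                rec[col] = v.replace("+", " ")  # IIS writes spaces in the UA field as '+'
            else:
                rec[col] = v
        yield rec


def parse_log(lines):
    """Detect the format from the presence of a #Fields header and parse the whole file."""
    lines = list(lines)
    if any(l.startswith("#Fields:") for l in lines):
        return list(parse_iis(lines))
    return [r for r in (parse_apache(l) for l in lines if l.strip()) if r is not None]


def load_into_sqlite(records, conn=None):
    """Insert normalized records into one 'requests' table and return the connection."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE IF NOT EXISTS requests (source TEXT, ts TEXT, client_ip TEXT, method TEXT, "
        "path TEXT, status INTEGER, bytes INTEGER, user_agent TEXT)"
    )
    conn.executemany(
        f"INSERT INTO requests ({', '.join(COLUMNS)}) VALUES ({', '.join('?' * len(COLUMNS))})",
        [tuple(r[c] for c in COLUMNS) for r in records],
    )
    conn.commit()
    return conn


def error_counts_by_ip(conn, min_status=400):
    """Clients ranked by number of 4xx/5xx responses across every source in the table."""
    return conn.execute(
        "SELECT client_ip, COUNT(*) FROM requests WHERE status >= ? "
        "GROUP BY client_ip ORDER BY 2 DESC, client_ip", (min_status,)
    ).fetchall()


if __name__ == "__main__":
    db = load_into_sqlite(parse_log(APACHE_SAMPLE) + parse_log(IIS_SAMPLE))
    for ip, n in error_counts_by_ip(db):
        print(f"{ip}: {n} error responses")
```

Adding a third format means adding one more parser that emits the same record shape; the storage and query side stay untouched. For multi-gigabyte inputs, feed `parse_log` a file object rather than a list and batch the `executemany` calls so the whole file is never held in memory.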

       

