[Dshield] Log parsing tools
Dotzero
dotzero at gmail.com
Wed Nov 14 18:07:00 GMT 2007
On 11/14/07, Pete Cap <peteoutside at yahoo.com> wrote:
> Hello all,
>
> Can I get some recommendations for parsing out different log formats?
>
> In the past I've worked from solution documentation to write perl scripts that can parse out interesting information into a relational structure. So I have a great script for, say, Apache logs, but I'd rather not write another one for IIS; I have one for the MySQL server, but not one for the Oracle server. And so on and so forth.
>
> I've tried using Sawmill in the past, but never had any success with it; I think at the time we were trying to analyze about 50g of Raptor logs, and while Sawmill claimed to be able to do this, it apparently tried to interpret them as some kind of web logs. I wound up parsing it out with perl and using mysql to store/fetch data for apriori-style mining, which worked, but took up valuable time.
>
> Hopefully someone has a better idea :)
>
> Best regards,
> Pete
>
>
Take a look at Splunk www.splunk.com