[Dshield] Cisco 806

Wayne Larmon wlarmon at dshield.org
Wed Mar 5 12:14:37 GMT 2003


> Wayne Larmon wrote:
>
> > Jeff, what more does the existing Perl client need?  And can I help?  The
> > Cisco client got to its current state by me adding regexes for all the Cisco
> > sample log lines that people sent me.   Are you saying that it needs more
> > regexes to match different types of lines?
>
> Yes, mostly PIX.  Actually, IOS has[/will have] XML logging as an
> option, which would make parsing easier :-)

Could you send me some sample log lines that currently aren't being parsed
correctly?

And how will XML logging make parsing easier?  In my experience, XML makes
files considerably larger, slower to process, and has no increase in
functionality over the old standard methods of formatting logs (and other
data.)

XML data files are all gibberish until both sides agree on how the data
items are to be formatted and what each data item means.   Which is the same
situation with the old methods of data interchange, such as plain ASCII tab
delimited files, except that tab delimited files are much smaller and faster
to process.  There is a possible exception when we are talking complex
documents (Word processing, etc.), but this isn't the case with data logs,
where the content is rigidly defined.  IMO.

Wayne Larmon
DShield.org



