Parsing syslog file output

From: Jon Boone
Subject: Parsing syslog file output
Date: Fri, 12 May 2006 03:19:14 +0000
Message-ID: <m34pzw53rh.fsf@amicus.local>

Folks,

  I'm curious as to what people here would recommend for parsing
  syslog output.

  A few years ago, I wrote a script in perl to parse syslog messages
  where the text of the message was in an application specific
  format.  I did not use regexs for this parser, but, instead parsed
  the line statefully.

  Recently, I found a perl module for parsing syslog output that tries
  to be more general than mine was and it uses regexs to try to
  accomplish this.

  If you were writing such a module in CL, would you use something
  like CL-PPCRE regexs?

--jon

Re: Parsing syslog file output ···········@gmail.com
Re: Parsing syslog file output Pascal Bourguignon
- Re: Parsing syslog file output Jon Boone

From: ···········@gmail.com
Subject: Re: Parsing syslog file output
Date: Fri, 12 May 2006 06:52:49 +0000
Message-ID: <1147416769.575881.203260@i39g2000cwa.googlegroups.com>

Jon Boone wrote:
> Folks,
>
>   I'm curious as to what people here would recommend for parsing
>   syslog output.

LoGS by Jim Prewett.  http://savannah.nongnu.org/projects/logs/

>   Recently, I found a perl module for parsing syslog output that tries
>   to be more general than mine was and it uses regexs to try to
>   accomplish this.

Which one?

>   If you were writing such a module in CL, would you use something
>   like CL-PPCRE regexs?

Yes.  LoGS uses CL-PPCRE, as a matter of fact :-)

Cheers
Vijay

From: Pascal Bourguignon
Subject: Re: Parsing syslog file output
Date: Fri, 12 May 2006 04:02:03 +0000
Message-ID: <87psij6gck.fsf@thalassa.informatimago.com>

Jon Boone <········@delamancha.org> writes:

> Folks,
>
>   I'm curious as to what people here would recommend for parsing
>   syslog output.
>
>   A few years ago, I wrote a script in perl to parse syslog messages
>   where the text of the message was in an application specific
>   format.  I did not use regexs for this parser, but, instead parsed
>   the line statefully.
>
>   Recently, I found a perl module for parsing syslog output that tries
>   to be more general than mine was and it uses regexs to try to
>   accomplish this.
>
>   If you were writing such a module in CL, would you use something
>   like CL-PPCRE regexs?

Why?  Don't your applications log sexps?

[···@thalassa nlp]$ sudo tail -200 /var/log/messages|grep matrix
May 12 06:00:39 thalassa matrix: (transaction begins :user (admin :name "Smith" :ip 10.0.0.142) :request (destroy :user (root :name "Neo"))


-- 
__Pascal Bourguignon__                     http://www.informatimago.com/
Small brave carnivores
Kill pine cones and mosquitoes
Fear vacuum cleaner

From: Jon Boone
Subject: Re: Parsing syslog file output
Date: Fri, 12 May 2006 09:56:15 +0000
Message-ID: <m3k68rbm80.fsf@amicus.local>

Pascal Bourguignon <···@informatimago.com> writes:

> Why?  Don't your applications log sexps?

  Sadly, the applications are written by other people who don't care
  to log in s-exp format.

--jon