Discussion:
[rsyslog] Is some tools like sequence analyze in lognormalizer?
chenlin rao via rsyslog
2018-11-06 12:40:43 UTC
Hello, rsyslog-users:
I just found an interesting project named sequence at
https://github.com/zentures/sequence/tree/master/cmd/sequence. It can 'analyze
a log file and output a list of patterns that will match all the log
messages'.
And its documentation says that it's similar to libnormal, so I want to
ask: can lognormalizer support an analyze subcommand? Or are there some other
tools that can do it?
It's so tiring to write and modify lots of rulebases/patterns.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
David Lang
2018-11-06 21:09:25 UTC
Post by chenlin rao via rsyslog
I just found an interesting project named sequence at
https://github.com/zentures/sequence/tree/master/cmd/sequence. It can 'analyze
a log file and output a list of patterns that will match all the log
messages'.
And its documentation says that it's similar to libnormal, so I want to
ask: can lognormalizer support an analyze subcommand? Or are there some other
tools that can do it?
It's so tiring to write and modify lots of rulebases/patterns.
There is nothing in liblognorm that will create patterns automatically. I would
have said that anything trying to do this would suffer horribly from false
positives. It would be interesting to adapt this tool to output liblognorm
rules.

David Lang
Rainer Gerhards
2018-11-07 08:06:33 UTC
Post by David Lang
Post by chenlin rao via rsyslog
I just found an interesting project named sequence at
https://github.com/zentures/sequence/tree/master/cmd/sequence. It can 'analyze
a log file and output a list of patterns that will match all the log
messages'.
And its documentation says that it's similar to libnormal, so I want to
ask: can lognormalizer support an analyze subcommand? Or are there some other
tools that can do it?
It's so tiring to write and modify lots of rulebases/patterns.
There is nothing in liblognorm that will create patterns automatically. I would
have said that anything trying to do this would suffer horribly from false
positives. It would be interesting to adapt this tool to output liblognorm
rules.
Actually, I started such a tool. You can do very interesting things
with cluster analysis, especially as we know a lot of logging base
objects (like IP addresses, integers, up to formats like JSON). But
unfortunately I had no time to complete this (would have loved to...).

Rainer
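A small prototype of the cluster-analysis approach Rainer sketches above, written for this thread as an added example (it is not Rainer's unreleased tool, not the sequence project, and not part of liblognorm): it replaces known base objects (IPv4 addresses and integers) with typed placeholders, folds near-identical message skeletons together, and emits each cluster as a legacy-format liblognorm rule together with how many input lines it covers. The constructed sample lines, the two-entry base-object set, the `max_diff` merge threshold, the `too_generic` ratio and the `%fN:type%` field naming are all assumptions of the example.

```python
import re
from collections import defaultdict

# Known "logging base objects" and the legacy liblognorm parser type each maps to.
# IPv4 is tested before number so "10.0.0.1" is not treated as plain digits.
# Assumption of this example: a real tool would carry many more object types.
BASE_OBJECTS = [
    (re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$"), "ipv4"),
    (re.compile(r"^-?\d+$"), "number"),
]

# Constructed sample messages (not taken from any real system).
SAMPLE = [
    "Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Accepted password for bob from 10.0.0.7 port 40110 ssh2",
    "Accepted publickey for carol from 192.168.1.9 port 22001 ssh2",
    "Failed password for invalid user root from 203.0.113.4 port 3389 ssh2",
    "Failed password for invalid user admin from 203.0.113.4 port 3390 ssh2",
    "Connection closed by 10.0.0.5 port 51234",
]

def skeleton(line):
    """Split on whitespace and replace each base object with its type.
    Returns a tuple of ("lit", text) and ("var", type) tokens."""
    toks = []
    for tok in line.split():
        for rx, typ in BASE_OBJECTS:
            if rx.match(tok):
                toks.append(("var", typ))
                break
        else:
            toks.append(("lit", tok))
    return tuple(toks)

def merge_skeletons(a, b, max_diff):
    """Merge two equal-length skeletons that differ in at most max_diff literal
    positions; differing literals generalize to a 'word' variable.
    Returns None when the two are not the same message shape."""
    if len(a) != len(b):
        return None
    merged, diffs = [], 0
    for ta, tb in zip(a, b):
        if ta == tb:
            merged.append(ta)
        elif ta[0] == "var" and tb[0] == "var":      # ipv4 vs number etc.
            return None
        elif ("var", "word") in (ta, tb):            # literal vs already-generalized
            merged.append(("var", "word"))
        elif ta[0] == "lit" and tb[0] == "lit":
            diffs += 1
            merged.append(("var", "word"))
        else:                                        # typed variable vs literal
            return None
    return tuple(merged) if diffs <= max_diff else None

def cluster(lines, max_diff=1):
    """Group lines by skeleton, then greedily fold near-identical skeletons.
    Returns {skeleton: [member lines]}."""
    clusters = defaultdict(list)
    for line in lines:
        clusters[skeleton(line)].append(line)
    changed = True
    while changed:                 # every merge removes one cluster, so this ends
        changed = False
        skels = list(clusters)
        for i, a in enumerate(skels):
            for b in skels[i + 1:]:
                m = merge_skeletons(a, b, max_diff)
                if m is not None:
                    members = clusters.pop(a) + clusters.pop(b)
                    clusters[m].extend(members)
                    changed = True
                    break
            if changed:
                break
    return dict(clusters)

def to_rule(skel):
    """Render a skeleton as a legacy liblognorm rulebase line (%name:type%).
    Field names f1, f2, ... are placeholders a human would rename."""
    parts, n = [], 0
    for kind, val in skel:
        if kind == "lit":
            parts.append(val)
        else:
            n += 1
            parts.append("%%f%d:%s%%" % (n, val))
    return "rule=:" + " ".join(parts)

def too_generic(skel, max_var_ratio=0.4):
    """True when more than max_var_ratio of the tokens are variables: such a
    rule matches far more than one message type, the false-positive case."""
    nvar = sum(1 for kind, _ in skel if kind == "var")
    return nvar / len(skel) > max_var_ratio

def generate_rulebase(lines, max_diff=1):
    """Return [(rule, support, too_generic)] sorted by support, highest first."""
    rows = [(to_rule(s), len(m), too_generic(s))
            for s, m in cluster(lines, max_diff).items()]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for rule, support, generic in generate_rulebase(SAMPLE):
        flag = "   # REVIEW: very generic" if generic else ""
        print("%s   (matched %d lines)%s" % (rule, support, flag))
```

On the sample input the greedy merge folds "Accepted password for ..." and "Accepted publickey for ..." into one rule with the authentication method as a `%word%` field, which is exactly the over-generalization David's first reply anticipates; the support count and the `too_generic` flag exist so a person reviews such rules before they enter a production rulebase. Lowering `max_diff` to 0 keeps the two forms apart, raising it merges more aggressively.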
David Lang
2018-11-07 17:41:32 UTC
Post by Rainer Gerhards
Post by David Lang
Post by chenlin rao via rsyslog
I just found an interesting project named sequence at
https://github.com/zentures/sequence/tree/master/cmd/sequence. It can 'analyze
a log file and output a list of patterns that will match all the log
messages'.
And its documentation says that it's similar to libnormal, so I want to
ask: can lognormalizer support an analyze subcommand? Or are there some other
tools that can do it?
It's so tiring to write and modify lots of rulebases/patterns.
There is nothing in liblognorm that will create patterns automatically. I would
have said that anything trying to do this would suffer horribly from false
positives. It would be interesting to adapt this tool to output liblognorm
rules.
Actually, I started such a tool. You can do very interesting things
with cluster analysis, especially as we know a lot of logging base
objects (like IP addresses, integers, up to formats like JSON). But
unfortunately I had no time to complete this (would have loved to...).
Is there enough of this to be worth making the source available for others to
tinker with?

David Lang