Re^3: adaptive syslog message parsing

i admit, i lol'd when i read 'i couldn't resist..' i couldn't duplicate the output with the sample data using algorithm diff, it was similar but the new lines were off.. additionally, i have a more complete set of data that it doesn't output anything but one line (with the number 6 in parenthesis).. it looks pretty promising on the short set of sample data but i think it's confused with the big set of data (which happens to use fqdn instead of just hostname)

Comment on Re^3: adaptive syslog message parsing

Replies are listed 'Best First'.
Re^4: adaptive syslog message parsing by GrandFather (Saint) on Jun 07, 2007 at 19:54 UTC
I've performed a little data cleansing before adding lines - omitting empty lines seems to be the main fix! I also changed from using undef to '' in the diff code (Algorithm::Diff seemed unhappy with undefs) and tidied up the output a little. Read more... The complete cleaned up code (3 kB) Given the large data set prints in part: ... mail1-out.nyc.domain.com ntpd (169) *** Bad file descriptor postfix/smtp (2) warning: malformed domain name in resource data of MX +record for * (32) warning: no MX host for * has a valid address rec +ord (18) warning: numeric domain name in resource data of MX r +ecord for * 127.0.1.50 (2) warning: valid_hostname: empty hostname postfix/smtpd (7) warning: Illegal address syntax from * in RCPT com +mand: <jane@lulu.co $> sm-mta (2) * SYSERR(root): * config error: mail loops bac +k to me (MX problem?) syslog-ng (1) Changing permissions on special file /dev/console ... mail2-out.nyc.domain.com ntpd (168) * Bad file descriptor postfix/smtp (2) warning: malformed domain name in resource data of MX +record for * (25) warning: numeric domain name in resource data of MX r +ecord for * 10.0.0.2 (2) warning: valid_hostname: empty hostname sm-mta (1) l55DmFcQ022740: SYSERR(root): localhost.fabulous.com. +config error: mail loops back to me (MX problem?) syslog-ng (1) Changing permissions on special file /dev/console mail2-out.sfc.domain.com postfix/smtp (61) warning: malformed domain name in resource data of MX + record for *** (1) warning: no MX host for epm.net has a valid address re +cord (61) warning: valid_hostname: empty hostname [download] DWIM is Perl's answer to Gödel	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^4: adaptive syslog message parsing
by GrandFather (Saint) on Jun 07, 2007 at 19:54 UTC

I've performed a little data cleansing before adding lines - omitting empty lines seems to be the main fix! I also changed from using undef to '' in the diff code (Algorithm::Diff seemed unhappy with undefs) and tidied up the output a little.

Read more... The complete cleaned up code (3 kB)

Given the large data set prints in part:

...
mail1-out.nyc.domain.com
    ntpd
        (169)     ***** Bad file descriptor
    postfix/smtp
        (2)     warning: malformed domain name in resource data of MX 
+record for *****
        (32)     warning: no MX host for ***** has a valid address rec
+ord
        (18)     warning: numeric domain name in resource data of MX r
+ecord for ***** 127.0.1.50
        (2)     warning: valid_hostname: empty hostname
    postfix/smtpd
        (7)     warning: Illegal address syntax from ***** in RCPT com
+mand: <jane@lulu.co $>
    sm-mta
        (2)     ***** SYSERR(root): ***** config error: mail loops bac
+k to me (MX problem?)
    syslog-ng
        (1)     Changing permissions on special file /dev/console
...
mail2-out.nyc.domain.com
    ntpd
        (168)     ***** Bad file descriptor
    postfix/smtp
        (2)     warning: malformed domain name in resource data of MX 
+record for *****
        (25)     warning: numeric domain name in resource data of MX r
+ecord for ***** 10.0.0.2
        (2)     warning: valid_hostname: empty hostname
    sm-mta
        (1)     l55DmFcQ022740: SYSERR(root): localhost.fabulous.com. 
+config error: mail loops back to me (MX problem?)
    syslog-ng
        (1)     Changing permissions on special file /dev/console
mail2-out.sfc.domain.com
    postfix/smtp
        (61)     warning: malformed domain name in resource data of MX
+ record for *****
        (1)     warning: no MX host for epm.net has a valid address re
+cord
        (61)     warning: valid_hostname: empty hostname
[download]

DWIM is Perl's answer to Gödel

[reply]
[d/l]
[select]