in reply to adaptive syslog message parsing

Have you considered using syslog-ng instead of syslog? You can do content filtering in quite flexible ways at a higher level, and you can create reusable configuration. That way you can split the messages you really *want* to read into several files and throw away the rest. I'd imagine this approach would be easier to maintain than doing it with regexps.
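The kind of configuration suggested above, written out as an added example (this is not from the thread or from any monk's setup). It assumes syslog-ng 3.x syntax, a central host receiving plain syslog on port 514, and made-up file paths and program names; adjust the regexes to the programs that actually show up in your logs.

```conf
@version: 3.8

# Receive from the other hosts (assumed: plain UDP/TCP 514 from the LAN).
source s_net {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Filters match the already-parsed PROGRAM / FACILITY / LEVEL / MESSAGE fields,
# so no regex has to re-parse the whole line.
filter f_ssh_fail { program("^sshd$") and message("Failed password|Invalid user"); };
filter f_auth     { facility(auth, authpriv); };
filter f_kernel   { facility(kern) and level(err..emerg); };
filter f_noise    { program("^(CRON|crond)$") or message("^-- MARK --$"); };

destination d_ssh_fail { file("/var/log/central/ssh-failures.log"); };
destination d_auth     { file("/var/log/central/auth.log"); };
destination d_kernel   { file("/var/log/central/kernel-errors.log"); };
destination d_rest     { file("/var/log/central/${HOST}/messages" create_dirs(yes)); };

# Order matters: flags(final) stops processing for the messages a log path
# matches. The first path has no destination, so matching noise is dropped.
log { source(s_net); filter(f_noise);    flags(final); };
log { source(s_net); filter(f_ssh_fail); destination(d_ssh_fail); flags(final); };
log { source(s_net); filter(f_auth);     destination(d_auth);     flags(final); };
log { source(s_net); filter(f_kernel);   destination(d_kernel);   flags(final); };
log { source(s_net); destination(d_rest); };
```

Two caveats a practitioner will want: keep the drop rule (`f_noise`) as narrow as possible, because anything it matches is gone for good when you later need it for an incident; and plain UDP/TCP syslog on 514 is neither authenticated nor encrypted, so a spoofed packet can land in `ssh-failures.log` just as easily as a real one. Use the TLS-capable `syslog()` driver between hosts you care about.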

Re^2: adaptive syslog message parsing
by Anonymous Monk on Jun 08, 2007 at 15:57 UTC
    We actually do use syslog-ng on most hosts; all those entries were the result of syslog-ng logging.

    The main goal is having a centralized place to look at all messages, informative and otherwise, and a way to cut down on the false positives. By performing this "smart-regex" with summarization/generalization, hopefully it will give a singular viewpoint for how to respond to the ones that are found to actually need a response (how severe an error is, however, can't be calculated by any program, and needs sysadmin intervention). The last part is what my script aims to solve.
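One way the summarization/generalization step described in this reply can be done, as an added example that is not the poster's script and not from the thread. It is written in Python rather than Perl purely so that it runs stand-alone here; the sample lines, the placeholder tokens (`<ip>`, `<n>`, `<path>`, `<user>`) and the `KNOWN_NOISE` set are all constructed for the example. The idea is to turn each message into a template by replacing the parts that vary (addresses, PIDs, counters, paths), count how often each template appears and on which hosts, and then let the sysadmin mark templates as noise rather than deciding severity in code.

```python
import re

# Constructed sample syslog-ng output lines (BSD syslog format), not real logs.
SAMPLE_LOG = """\
Jun  8 15:57:01 web1 sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 4444 ssh2
Jun  8 15:57:03 web1 sshd[2231]: Failed password for invalid user oracle from 10.0.0.5 port 4451 ssh2
Jun  8 15:57:09 db2 sshd[911]: Failed password for root from 192.168.7.20 port 51022 ssh2
Jun  8 15:58:00 web1 CRON[2240]: (root) CMD (/usr/lib/sa/sa1 1 1)
Jun  8 15:58:12 db2 kernel: EXT3-fs error (device sda3): ext3_find_entry: reading directory #98305 offset 0
Jun  8 15:59:40 web1 sshd[2255]: Accepted publickey for deploy from 10.0.0.9 port 4490 ssh2
"""

# "Mon DD HH:MM:SS host prog[pid]: message" -- the pid part is optional (kernel).
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) '
    r'(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: '
    r'(?P<msg>.*)$'
)

# Generalisers run in this order on purpose: user names before anything else,
# IPs before bare numbers (so 10.0.0.5 does not become <n>.<n>.<n>.<n>), and
# paths before bare numbers (so /var/log/messages.1 stays one <path>).
GENERALISERS = [
    (re.compile(r'\buser \S+'), 'user <user>'),
    (re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b'), '<ip>'),
    (re.compile(r'\b0x[0-9a-fA-F]+\b'), '<hex>'),
    (re.compile(r'(?:/[\w.+-]+)+'), '<path>'),
    (re.compile(r'\b\d+\b'), '<n>'),
]

# Templates a sysadmin has already judged to be informative-only (constructed).
KNOWN_NOISE = {
    ('CRON', '(root) CMD (<path> <n> <n>)'),
}


def parse_line(line):
    """Split one syslog line into its fields, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def generalise(msg):
    """Replace the variable parts of a message with placeholder tokens."""
    for rx, token in GENERALISERS:
        msg = rx.sub(token, msg)
    return msg


def summarise(text):
    """Return {(prog, template): {'count': n, 'hosts': set(), 'example': msg}}."""
    summary = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently merged
        key = (rec['prog'], generalise(rec['msg']))
        entry = summary.setdefault(key, {'count': 0, 'hosts': set(), 'example': rec['msg']})
        entry['count'] += 1
        entry['hosts'].add(rec['host'])
    return summary


def report(text, known_noise=KNOWN_NOISE):
    """Aggregate, drop templates already classified as noise, most frequent first.

    Returns rows of (count, prog, template, sorted hosts, one original message).
    """
    rows = []
    for (prog, tmpl), e in summarise(text).items():
        if (prog, tmpl) in known_noise:
            continue
        rows.append((e['count'], prog, tmpl, sorted(e['hosts']), e['example']))
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return rows


if __name__ == '__main__':
    for count, prog, tmpl, hosts, example in report(SAMPLE_LOG):
        print(f'{count:4d}  {prog:<8} {tmpl}')
        print(f'      hosts={",".join(hosts)}  e.g. {example}')
```

The placeholder rules are deliberately blunt; a template that merges two messages a sysadmin wants to tell apart is a bigger problem than one that splits a message in two, so it is better to add a rule only after seeing the duplicate templates in the report than to start with aggressive ones.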