Download file name: liblognorm 0.3.6
liblognorm 0.3.6
sha256 hash: e2cf27027905c7be91c891b5ac9304a88a5c1981cd36011c84b45de29336b111
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 0.3.6 File size: 0.315 MB
When trying to normalize log messages via liblognorm and mmnormalize, you need to create a rulebase first. The rulebase is usually a representation of message formats.
The format of these rules calls for some caution. Some message contents and rule syntax elements can confuse the configuration interpreter. This mainly applies to clear-text passages in individual rules.
For example, if you have a log message from a Cisco ASA, the message looks like this:
2012-11-23T10:47:42+01:00 10.10.10.10 : %ASA-3-313001: ...
The only interesting parts are the IP and the numerical code to identify the message. We are not interested in the timestamp or “%ASA”. But when making the rule, the trouble starts there. The percent character is also used to define variables and their values in a rule. Thus it needs to be escaped. This is done with the ASCII code representation of the percent character. The rule would look like this:
rule=: %date:word% %host:ipv4% : \x25ASA-%char1:char-to:-%-%char2:number%: ...
If you write “%ASA” into the rule, the interpreter will think that a new variable starts there. This confuses the interpretation of the rest of the rule and keeps it from working correctly, so it needs to be avoided.
The same applies to “:”. In this case, it needs to be escaped when it is used as a delimiter for variables. Example:
%variable:char-to:\x3a%
This will fill “variable” with everything until the next “:” occurs. If you just put a “:” here as a delimiter, the rule will not work anymore.
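The two escaping rules above can be applied and checked mechanically before a rulebase is loaded. The following is an added example, not code from liblognorm or from this article; the helper names are hypothetical, the escapes are assumed to be written in backslash-hex form (\x25, \x3a), and the lint is a heuristic built only from the rules described here.

```python
# Added example: build and lint rule lines using the article's two escaping rules.
# Assumption: escapes use backslash-hex form, \x25 for "%" and \x3a for ":".
ESCAPES = {"%": r"\x25", ":": r"\x3a"}


def escape_literal(text):
    """Escape clear text so a '%' in it cannot open a variable definition."""
    return text.replace("%", ESCAPES["%"])


def field(name, parser, extra=None):
    """Build %name:parser% or %name:parser:extra%, escaping ':' and '%' in extra."""
    if extra is None:
        return f"%{name}:{parser}%"
    safe = "".join(ESCAPES.get(ch, ch) for ch in extra)
    return f"%{name}:{parser}:{safe}%"


def lint_rule(rule):
    """Return a list of escaping problems found in one 'rule=...' line."""
    # "rule=<tags>:<body>": the body starts after the first ':' following '='.
    body = rule.partition("=")[2].partition(":")[2]
    problems = []
    parts = body.split("%")
    if len(parts) % 2 == 0:  # an odd number of '%' characters
        problems.append("unbalanced '%': a literal percent sign is probably unescaped")
    for spec in parts[1::2]:  # text between a pair of '%' is a field definition
        pieces = spec.split(":")
        if len(pieces) < 2 or not all(pieces[:2]):
            problems.append(f"'%{spec}%' is not a name:parser field")
        elif len(pieces) > 3 or (len(pieces) == 3 and not pieces[2]):
            problems.append(f"'%{spec}%' has a raw ':' or an empty delimiter")
    return problems


def asa_rule():
    """Rebuild the article's Cisco ASA rule from its parts."""
    return ("rule=: " + field("date", "word") + " " + field("host", "ipv4")
            + " : " + escape_literal("%ASA-") + field("char1", "char-to", "-")
            + "-" + field("char2", "number") + ": ...")


if __name__ == "__main__":
    print(asa_rule(), lint_rule(asa_rule()))
    # The same rule with the literal percent sign left unescaped:
    print(lint_rule(asa_rule().replace(r"\x25", "%")))
    # A raw ':' used as the char-to delimiter:
    print(lint_rule("rule=: %variable:char-to::% rest"))
```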
We have just released liblognorm 0.3.5.
Changes
Version 0.3.5 (rgerhards), 2012-09-18
Download:
http://www.liblognorm.com/download/liblognorm-0-3-5/
As always, feedback is appreciated.
Best regards,
Florian Riedl
liblognorm 0.3.5
sha256 hash: 5714f145b379adb64fe1d87ea6adec9e8d91e5fe1bc0654febb85960dc34dd06
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 0.3.5 File size: 0.315 MB
We have just released liblognorm 0.3.4.
This is a bug fixing release, targeting a single bug that prevented building on many platforms.
Changes:
Version 0.3.4 (rgerhards), 2012-04-16
Download:
http://www.liblognorm.com/download/liblognorm-0-3-4/
As always, feedback is appreciated.
Best regards,
Florian Riedl
liblognorm 0.3.4
md5sum: d9943c1691d8953b13956d61ae8caa03
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 0.3.4 File size: 0.315 MB
We have just released liblognorm 0.3.3.
This release is for bugfixing purposes only.
Changes:
Version 0.3.3 (rgerhards), 2012-02-06
Download:
http://www.liblognorm.com/files/download/liblognorm-0.3.3.tar.gz
As always, feedback is appreciated.
Best regards,
Florian Riedl
liblognorm 0.3.3
md5sum: 7bdc54f609c77ba3d704c606be34e4b6
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 0.3.3 File size: 0.322 MB
liblognorm 0.3.2
md5sum: 0e9af07299eb7f1a4622c0b373bf68b9
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 0.3.2 File size: 0.326 MB
We have just released liblognorm 0.3.2.
This release includes a new major feature.
Changes:
Version 0.3.2 (rgerhards), 2011-11-21
Download:
http://www.liblognorm.com/files/download/liblognorm-0.3.2.tar.gz
As always, feedback is appreciated.
Best regards,
Florian Riedl