[Lognorm] Identifying message types
Wladimir van der Laan
laanwj at gmail.com
Mon Mar 21 18:59:53 CET 2011
Hello,
I have a question about the usage of lognorm. As I understand, the program
extracts data fields from log messages in text format, by means of examples
from a ruleset file. The output is represented as metadata key/value pairs.
But as far as I can see, it outputs no identifier as to what kind of message
the log line represents. For automated log processing, one would also need
to identify the message, for example, as failed authentication, or DHCP
request, etc.
Am I overlooking something? Is it possible to add a message type field in a
ruleset?
Greetings,
Wladimir