# lognormalizer -v -r test.rulebase liblognorm: read sample line: 'prefix=%date:date-rfc3164%' liblognorm: read sample line: 'rule=: %%SYS-5-CONFIG_I: Configured from console by console' liblognorm: sample line to add: ': %%SYS-5-CONFIG_I: Configured from console by console' liblognorm: addSampToTree 0 of 72 liblognorm: parsed field: 'date' liblognorm: got new subtree 0x9b8d80 liblognorm: prev subtree 0x9b8060 liblognorm: new subtree 0x9b8d80 liblognorm: addSampToTree 19 of 72 liblognorm: parsed literal: ' %SYS-5-CONFIG_I: Configured from console by console' liblognorm: buildPTree: begin at 0x9b8d80, offs 0 liblognorm: case 3.1 liblognorm: addPTree: offs 0 liblognorm: setPrefix lenBuf 52, offs 0 liblognorm: end addSampToTree 72 of 72 liblognorm: read sample line: 'rule=: %%SYS-5-CONFIG_I: Configured from console by vty%-:number% (%cisco.ip:ipv4%)' liblognorm: sample line to add: ': %%SYS-5-CONFIG_I: Configured from console by vty%-:number% (%cisco.ip:ipv4%)' liblognorm: addSampToTree 0 of 96 liblognorm: parsed field: 'date' liblognorm: got new subtree 0x9b9720 liblognorm: merging with tree 0x9b8d80 liblognorm: addSampToTree 19 of 96 liblognorm: parsed literal: ' %SYS-5-CONFIG_I: Configured from console by vty' liblognorm: buildPTree: begin at 0x9b8d80, offs 0 liblognorm: buildPTree: tree 0x9b8d80, i 0, char ' ' liblognorm: buildPTree: tree 0x9b8d80, i 1, char '%' liblognorm: buildPTree: tree 0x9b8d80, i 2, char 'S' liblognorm: buildPTree: tree 0x9b8d80, i 3, char 'Y' liblognorm: buildPTree: tree 0x9b8d80, i 4, char 'S' liblognorm: buildPTree: tree 0x9b8d80, i 5, char '-' liblognorm: buildPTree: tree 0x9b8d80, i 6, char '5' liblognorm: buildPTree: tree 0x9b8d80, i 7, char '-' liblognorm: buildPTree: tree 0x9b8d80, i 8, char 'C' liblognorm: buildPTree: tree 0x9b8d80, i 9, char 'O' liblognorm: buildPTree: tree 0x9b8d80, i 10, char 'N' liblognorm: buildPTree: tree 0x9b8d80, i 11, char 'F' liblognorm: buildPTree: tree 0x9b8d80, i 12, char 'I' liblognorm: buildPTree: tree 0x9b8d80, i 13, char 'G' liblognorm: buildPTree: tree 0x9b8d80, i 14, char '_' liblognorm: buildPTree: tree 0x9b8d80, i 15, char 'I' liblognorm: buildPTree: tree 0x9b8d80, i 16, char ':' liblognorm: buildPTree: tree 0x9b8d80, i 17, char ' ' liblognorm: buildPTree: tree 0x9b8d80, i 18, char 'C' liblognorm: buildPTree: tree 0x9b8d80, i 19, char 'o' liblognorm: buildPTree: tree 0x9b8d80, i 20, char 'n' liblognorm: buildPTree: tree 0x9b8d80, i 21, char 'f' liblognorm: buildPTree: tree 0x9b8d80, i 22, char 'i' liblognorm: buildPTree: tree 0x9b8d80, i 23, char 'g' liblognorm: buildPTree: tree 0x9b8d80, i 24, char 'u' liblognorm: buildPTree: tree 0x9b8d80, i 25, char 'r' liblognorm: buildPTree: tree 0x9b8d80, i 26, char 'e' liblognorm: buildPTree: tree 0x9b8d80, i 27, char 'd' liblognorm: buildPTree: tree 0x9b8d80, i 28, char ' ' liblognorm: buildPTree: tree 0x9b8d80, i 29, char 'f' liblognorm: buildPTree: tree 0x9b8d80, i 30, char 'r' liblognorm: buildPTree: tree 0x9b8d80, i 31, char 'o' liblognorm: buildPTree: tree 0x9b8d80, i 32, char 'm' liblognorm: buildPTree: tree 0x9b8d80, i 33, char ' ' liblognorm: buildPTree: tree 0x9b8d80, i 34, char 'c' liblognorm: buildPTree: tree 0x9b8d80, i 35, char 'o' liblognorm: buildPTree: tree 0x9b8d80, i 36, char 'n' liblognorm: buildPTree: tree 0x9b8d80, i 37, char 's' liblognorm: buildPTree: tree 0x9b8d80, i 38, char 'o' liblognorm: buildPTree: tree 0x9b8d80, i 39, char 'l' liblognorm: buildPTree: tree 0x9b8d80, i 40, char 'e' liblognorm: buildPTree: tree 0x9b8d80, i 41, char ' ' liblognorm: buildPTree: tree 0x9b8d80, i 42, char 'b' liblognorm: buildPTree: tree 0x9b8d80, i 43, char 'y' liblognorm: buildPTree: tree 0x9b8d80, i 44, char ' ' liblognorm: case 2, i=45, ipfix=45 liblognorm: splitTree 0x9b8d80 at offs 45 liblognorm: setPrefix lenBuf 45, offs 0 liblognorm: splitTree new tree 0x9b9f70 lenPrefix=45, char 'à' liblognorm: splitTree new case one bb, offs 45, lenPrefix 52, newlen 6 liblognorm: pre addPTree: i 45 liblognorm: addPTree: offs 45 liblognorm: addPTree: add 'vty', offs 45, tree 0x9b9f70 liblognorm: setPrefix lenBuf 2, offs 0 liblognorm: addSampToTree 68 of 96 liblognorm: parsed field: '-' liblognorm: got new subtree 0x9bb010 liblognorm: prev subtree 0x9ba7c0 liblognorm: new subtree 0x9bb010 liblognorm: addSampToTree 78 of 96 liblognorm: parsed literal: ' (' liblognorm: buildPTree: begin at 0x9bb010, offs 0 liblognorm: case 3.1 liblognorm: addPTree: offs 0 liblognorm: setPrefix lenBuf 2, offs 0 liblognorm: addSampToTree 80 of 96 liblognorm: parsed field: 'cisco.ip' liblognorm: got new subtree 0x9bb8a0 liblognorm: prev subtree 0x9bb010 liblognorm: new subtree 0x9bb8a0 liblognorm: addSampToTree 95 of 96 liblognorm: parsed literal: ')' liblognorm: buildPTree: begin at 0x9bb8a0, offs 0 liblognorm: case 3.1 liblognorm: addPTree: offs 0 liblognorm: setPrefix lenBuf 1, offs 0 liblognorm: end addSampToTree 96 of 96 liblognorm: read sample line: 'rule=: %%SYS-5-CONFIG_I: Configured from console by %cisco.user:word% on vty%-:number% (%cisco.ip:ipv4%)' liblognorm: sample line to add: ': %%SYS-5-CONFIG_I: Configured from console by %cisco.user:word% on vty%-:number% (%cisco.ip:ipv4%)' liblognorm: addSampToTree 0 of 117 liblognorm: parsed field: 'date' liblognorm: got new subtree 0x9bc240 liblognorm: merging with tree 0x9b9f70 liblognorm: addSampToTree 19 of 117 liblognorm: parsed literal: ' %SYS-5-CONFIG_I: Configured from console by ' liblognorm: buildPTree: begin at 0x9b9f70, offs 0 liblognorm: buildPTree: tree 0x9b9f70, i 0, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 1, char '%' liblognorm: buildPTree: tree 0x9b9f70, i 2, char 'S' liblognorm: buildPTree: tree 0x9b9f70, i 3, char 'Y' liblognorm: buildPTree: tree 0x9b9f70, i 4, char 'S' liblognorm: buildPTree: tree 0x9b9f70, i 5, char '-' liblognorm: buildPTree: tree 0x9b9f70, i 6, char '5' liblognorm: buildPTree: tree 0x9b9f70, i 7, char '-' liblognorm: buildPTree: tree 0x9b9f70, i 8, char 'C' liblognorm: buildPTree: tree 0x9b9f70, i 9, char 'O' liblognorm: buildPTree: tree 0x9b9f70, i 10, char 'N' liblognorm: buildPTree: tree 0x9b9f70, i 11, char 'F' liblognorm: buildPTree: tree 0x9b9f70, i 12, char 'I' liblognorm: buildPTree: tree 0x9b9f70, i 13, char 'G' liblognorm: buildPTree: tree 0x9b9f70, i 14, char '_' liblognorm: buildPTree: tree 0x9b9f70, i 15, char 'I' liblognorm: buildPTree: tree 0x9b9f70, i 16, char ':' liblognorm: buildPTree: tree 0x9b9f70, i 17, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 18, char 'C' liblognorm: buildPTree: tree 0x9b9f70, i 19, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 20, char 'n' liblognorm: buildPTree: tree 0x9b9f70, i 21, char 'f' liblognorm: buildPTree: tree 0x9b9f70, i 22, char 'i' liblognorm: buildPTree: tree 0x9b9f70, i 23, char 'g' liblognorm: buildPTree: tree 0x9b9f70, i 24, char 'u' liblognorm: buildPTree: tree 0x9b9f70, i 25, char 'r' liblognorm: buildPTree: tree 0x9b9f70, i 26, char 'e' liblognorm: buildPTree: tree 0x9b9f70, i 27, char 'd' liblognorm: buildPTree: tree 0x9b9f70, i 28, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 29, char 'f' liblognorm: buildPTree: tree 0x9b9f70, i 30, char 'r' liblognorm: buildPTree: tree 0x9b9f70, i 31, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 32, char 'm' liblognorm: buildPTree: tree 0x9b9f70, i 33, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 34, char 'c' liblognorm: buildPTree: tree 0x9b9f70, i 35, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 36, char 'n' liblognorm: buildPTree: tree 0x9b9f70, i 37, char 's' liblognorm: buildPTree: tree 0x9b9f70, i 38, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 39, char 'l' liblognorm: buildPTree: tree 0x9b9f70, i 40, char 'e' liblognorm: buildPTree: tree 0x9b9f70, i 41, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 42, char 'b' liblognorm: buildPTree: tree 0x9b9f70, i 43, char 'y' liblognorm: buildPTree: tree 0x9b9f70, i 44, char ' ' liblognorm: case 1.1 liblognorm: addSampToTree 65 of 117 liblognorm: parsed field: 'cisco.user' liblognorm: got new subtree 0x9bca90 liblognorm: prev subtree 0x9b9f70 liblognorm: new subtree 0x9bca90 liblognorm: addSampToTree 82 of 117 liblognorm: parsed literal: ' on vty' liblognorm: buildPTree: begin at 0x9bca90, offs 0 liblognorm: case 3.1 liblognorm: addPTree: offs 0 liblognorm: setPrefix lenBuf 7, offs 0 liblognorm: addSampToTree 89 of 117 liblognorm: parsed field: '-' liblognorm: got new subtree 0x9bd2e0 liblognorm: prev subtree 0x9bca90 liblognorm: new subtree 0x9bd2e0 liblognorm: addSampToTree 99 of 117 liblognorm: parsed literal: ' (' liblognorm: buildPTree: begin at 0x9bd2e0, offs 0 liblognorm: case 3.1 liblognorm: addPTree: offs 0 liblognorm: setPrefix lenBuf 2, offs 0 liblognorm: addSampToTree 101 of 117 liblognorm: parsed field: 'cisco.ip' liblognorm: got new subtree 0x9bdb70 liblognorm: prev subtree 0x9bd2e0 liblognorm: new subtree 0x9bdb70 liblognorm: addSampToTree 116 of 117 liblognorm: parsed literal: ')' liblognorm: buildPTree: begin at 0x9bdb70, offs 0 liblognorm: case 3.1 liblognorm: addPTree: offs 0 liblognorm: setPrefix lenBuf 1, offs 0 liblognorm: end addSampToTree 117 of 117 liblognorm: read sample line: 'rule=: %%SYS-5-CONFIG_I: Configured from console by %cisco.user:word% on console' liblognorm: sample line to add: ': %%SYS-5-CONFIG_I: Configured from console by %cisco.user:word% on console' liblognorm: addSampToTree 0 of 93 liblognorm: parsed field: 'date' liblognorm: got new subtree 0x9be420 liblognorm: merging with tree 0x9b9f70 liblognorm: addSampToTree 19 of 93 liblognorm: parsed literal: ' %SYS-5-CONFIG_I: Configured from console by ' liblognorm: buildPTree: begin at 0x9b9f70, offs 0 liblognorm: buildPTree: tree 0x9b9f70, i 0, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 1, char '%' liblognorm: buildPTree: tree 0x9b9f70, i 2, char 'S' liblognorm: buildPTree: tree 0x9b9f70, i 3, char 'Y' liblognorm: buildPTree: tree 0x9b9f70, i 4, char 'S' liblognorm: buildPTree: tree 0x9b9f70, i 5, char '-' liblognorm: buildPTree: tree 0x9b9f70, i 6, char '5' liblognorm: buildPTree: tree 0x9b9f70, i 7, char '-' liblognorm: buildPTree: tree 0x9b9f70, i 8, char 'C' liblognorm: buildPTree: tree 0x9b9f70, i 9, char 'O' liblognorm: buildPTree: tree 0x9b9f70, i 10, char 'N' liblognorm: buildPTree: tree 0x9b9f70, i 11, char 'F' liblognorm: buildPTree: tree 0x9b9f70, i 12, char 'I' liblognorm: buildPTree: tree 0x9b9f70, i 13, char 'G' liblognorm: buildPTree: tree 0x9b9f70, i 14, char '_' liblognorm: buildPTree: tree 0x9b9f70, i 15, char 'I' liblognorm: buildPTree: tree 0x9b9f70, i 16, char ':' liblognorm: buildPTree: tree 0x9b9f70, i 17, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 18, char 'C' liblognorm: buildPTree: tree 0x9b9f70, i 19, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 20, char 'n' liblognorm: buildPTree: tree 0x9b9f70, i 21, char 'f' liblognorm: buildPTree: tree 0x9b9f70, i 22, char 'i' liblognorm: buildPTree: tree 0x9b9f70, i 23, char 'g' liblognorm: buildPTree: tree 0x9b9f70, i 24, char 'u' liblognorm: buildPTree: tree 0x9b9f70, i 25, char 'r' liblognorm: buildPTree: tree 0x9b9f70, i 26, char 'e' liblognorm: buildPTree: tree 0x9b9f70, i 27, char 'd' liblognorm: buildPTree: tree 0x9b9f70, i 28, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 29, char 'f' liblognorm: buildPTree: tree 0x9b9f70, i 30, char 'r' liblognorm: buildPTree: tree 0x9b9f70, i 31, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 32, char 'm' liblognorm: buildPTree: tree 0x9b9f70, i 33, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 34, char 'c' liblognorm: buildPTree: tree 0x9b9f70, i 35, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 36, char 'n' liblognorm: buildPTree: tree 0x9b9f70, i 37, char 's' liblognorm: buildPTree: tree 0x9b9f70, i 38, char 'o' liblognorm: buildPTree: tree 0x9b9f70, i 39, char 'l' liblognorm: buildPTree: tree 0x9b9f70, i 40, char 'e' liblognorm: buildPTree: tree 0x9b9f70, i 41, char ' ' liblognorm: buildPTree: tree 0x9b9f70, i 42, char 'b' liblognorm: buildPTree: tree 0x9b9f70, i 43, char 'y' liblognorm: buildPTree: tree 0x9b9f70, i 44, char ' ' liblognorm: case 1.1 liblognorm: addSampToTree 65 of 93 liblognorm: parsed field: 'cisco.user' liblognorm: got new subtree 0x9becb0 liblognorm: merging with tree 0x9bca90 liblognorm: addSampToTree 82 of 93 liblognorm: parsed literal: ' on console' liblognorm: buildPTree: begin at 0x9bca90, offs 0 liblognorm: buildPTree: tree 0x9bca90, i 0, char ' ' liblognorm: buildPTree: tree 0x9bca90, i 1, char 'o' liblognorm: buildPTree: tree 0x9bca90, i 2, char 'n' liblognorm: buildPTree: tree 0x9bca90, i 3, char ' ' liblognorm: case 2, i=4, ipfix=4 liblognorm: splitTree 0x9bca90 at offs 4 liblognorm: setPrefix lenBuf 4, offs 0 liblognorm: splitTree new tree 0x9bf500 lenPrefix=4, char ' ' liblognorm: splitTree new case two bb, offs=4, newlen 2 liblognorm: pre addPTree: i 4 liblognorm: addPTree: offs 4 liblognorm: addPTree: add 'console', offs 4, tree 0x9bf500 liblognorm: setPrefix lenBuf 6, offs 0 liblognorm: end addSampToTree 93 of 93 number of tree nodes: 15 Sep 18 13:06:18: %SYS-5-CONFIG_I: Configured from console by console To normalize: 'Sep 18 13:06:18: %SYS-5-CONFIG_I: Configured from console by console' liblognorm: 0: prefix compare succeeded, still valid liblognorm: 0:trying parser for field 'date': 0x7fa21cf9af70 liblognorm: potential hit, trying subtree liblognorm: 16: prefix compare ' ', ' ' liblognorm: 17: prefix compare '%', '%' liblognorm: 18: prefix compare 'S', 'S' liblognorm: 19: prefix compare 'Y', 'Y' liblognorm: 20: prefix compare 'S', 'S' liblognorm: 21: prefix compare '-', '-' liblognorm: 22: prefix compare '5', '5' liblognorm: 23: prefix compare '-', '-' liblognorm: 24: prefix compare 'C', 'C' liblognorm: 25: prefix compare 'O', 'O' liblognorm: 26: prefix compare 'N', 'N' liblognorm: 27: prefix compare 'F', 'F' liblognorm: 28: prefix compare 'I', 'I' liblognorm: 29: prefix compare 'G', 'G' liblognorm: 30: prefix compare '_', '_' liblognorm: 31: prefix compare 'I', 'I' liblognorm: 32: prefix compare ':', ':' liblognorm: 33: prefix compare ' ', ' ' liblognorm: 34: prefix compare 'C', 'C' liblognorm: 35: prefix compare 'o', 'o' liblognorm: 36: prefix compare 'n', 'n' liblognorm: 37: prefix compare 'f', 'f' liblognorm: 38: prefix compare 'i', 'i' liblognorm: 39: prefix compare 'g', 'g' liblognorm: 40: prefix compare 'u', 'u' liblognorm: 41: prefix compare 'r', 'r' liblognorm: 42: prefix compare 'e', 'e' liblognorm: 43: prefix compare 'd', 'd' liblognorm: 44: prefix compare ' ', ' ' liblognorm: 45: prefix compare 'f', 'f' liblognorm: 46: prefix compare 'r', 'r' liblognorm: 47: prefix compare 'o', 'o' liblognorm: 48: prefix compare 'm', 'm' liblognorm: 49: prefix compare ' ', ' ' liblognorm: 50: prefix compare 'c', 'c' liblognorm: 51: prefix compare 'o', 'o' liblognorm: 52: prefix compare 'n', 'n' liblognorm: 53: prefix compare 's', 's' liblognorm: 54: prefix compare 'o', 'o' liblognorm: 55: prefix compare 'l', 'l' liblognorm: 56: prefix compare 'e', 'e' liblognorm: 57: prefix compare ' ', ' ' liblognorm: 58: prefix compare 'b', 'b' liblognorm: 59: prefix compare 'y', 'y' liblognorm: 60: prefix compare ' ', ' ' liblognorm: 61: prefix compare succeeded, still valid liblognorm: 61:trying parser for field 'cisco.user': 0x7fa21cf9a790 liblognorm: potential hit, trying subtree liblognorm: 68 returns -4 liblognorm: 61 nonmatch, backtracking required, left=-4 liblognorm: 61 no field, trying subtree char 'c': 0x9b8d80 liblognorm: 62: prefix compare 'o', 'o' liblognorm: 63: prefix compare 'n', 'n' liblognorm: 64: prefix compare 's', 's' liblognorm: 65: prefix compare 'o', 'o' liblognorm: 66: prefix compare 'l', 'l' liblognorm: 67: prefix compare 'e', 'e' liblognorm: 68: prefix compare succeeded, still valid liblognorm: 68 returns 0 liblognorm: 61 returns -4 liblognorm: 0 nonmatch, backtracking required, left=-4 liblognorm: 0 no field, trying subtree char 'S': (nil) liblognorm: 0 returns -4 liblognorm: final result for normalizer: left -4, endNode 0x9b8d80 normalized: '[cee@115 originalmsg="Sep 18 13:06:18: %SYS-5-CONFIG_I: Configured from console by console" unparsed-data=""]' [cee@115 originalmsg="Sep 18 13:06:18: %SYS-5-CONFIG_I: Configured from console by console" unparsed-data=""]