From marcin at mejor.pl Sat Apr 2 15:43:11 2011 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Sat, 02 Apr 2011 15:43:11 +0200 Subject: [Lognorm] liblognorm - segfault issue - Debian Wheezy In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DDEFF@GRFEXC.intern.adiscon.com> References: <20110321122619.GC25589@bundy.vistech.net><20110321143817.GB30874@bundy.vistech.net><9B6E2A8877C38245BFB15CC491A11DA71DDEF1@GRFEXC.intern.adiscon.com><9B6E2A8877C38245BFB15CC491A11DA71DDEF6@GRFEXC.intern.adiscon.com> <20110331160452.GA12113@bundy.vistech.net> <9B6E2A8877C38245BFB15CC491A11DA71DDEFF@GRFEXC.intern.adiscon.com> Message-ID: <4D9727EF.5020706@mejor.pl> W dniu 2011-03-31 20:01, Rainer Gerhards pisze: > I'll see that I get new releases out tomorrow. Hi! Gentoo ebuilds: liblognorm-0.2.0 - http://bugs.gentoo.org/348698 libee-0.2.0 - http://bugs.gentoo.org/348696 or all from my personal overlay: http://repoz.mejor.pl/svn/gentoo/portage/ Regards. From rgerhards at hq.adiscon.com Mon Apr 4 14:06:33 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Mon, 4 Apr 2011 14:06:33 +0200 Subject: [Lognorm] How to create a central rulebase repository for log normalization? Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF2C@GRFEXC.intern.adiscon.com> Hi all, please have a look at my post over here: http://blog.gerhards.net/2011/04/log-normalization-how-to-share.html This is a very important question, and I'd appreciate all comments and feedback. Thanks, Rainer From chifflier at wzdftpd.net Mon Apr 4 13:35:48 2011 From: chifflier at wzdftpd.net (Pierre Chifflier) Date: Mon, 04 Apr 2011 13:35:48 +0200 Subject: [Lognorm] log normalization: how to share rulebases? Message-ID: <4D99AD14.4090807@wzdftpd.net> ( In reply to http://blog.gerhards.net/2011/04/log-normalization-how-to-share.html ) Hi Rainer (and list), Here's some feedback on the rulebases-sharing topic I've previously worked on a project, with the objective of storing signatures in a VCS (subversion, git). This really has advantages: - lots of tools to extract signatures for all platforms - fast - can handle branches - easy updates for clients, with support for merges etc. - interesting features like handling versioning, hooks on commits etc. In short, this looks like a good solution for the client-side. However, using a repository as the frontal method to push new signatures has some problems: - no real handling of permissions (it's all-repos or nothing for most VCS) - no support of workflows, like testing area with automatic (or not) transition to production area - hooks can't be really complicated (imho, they should involve things like regressions tests, etc. which needs to be asynchronous) Having some workflows (like unstable/testing/stable in sid, for ex) is really important. That's why, at the moment I was looking at the project, I started writing a daemon in django (with some REST features) wrapping a git repos. The daemon was the upload-side, and was in charge of committing changes, visualize signatures, etc. However, the project is not finished (basic functions are working, but many are missing). Maybe some ideas (and code) could be borrowed from this project, if you are interested. After some time, I'm still convinced that using a VCS is a good idea, it only needs a few tools to encapsulate the method to use it (workflows). Regards, Pierre From laanwj at gmail.com Mon Apr 4 14:19:03 2011 From: laanwj at gmail.com (Wladimir van der Laan) Date: Mon, 4 Apr 2011 14:19:03 +0200 Subject: [Lognorm] How to create a central rulebase repository for log normalization? In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DDF2C@GRFEXC.intern.adiscon.com> References: <9B6E2A8877C38245BFB15CC491A11DA71DDF2C@GRFEXC.intern.adiscon.com> Message-ID: > please have a look at my post over here: > > http://blog.gerhards.net/2011/04/log-normalization-how-to-share.html > > This is a very important question, and I'd appreciate all comments and > feedback. > My recommendation would be to make a github repository for it -- github is a very good place for collaborative programming, and I think that'd apply to these rulesets just as well. It would make it very easy to fork the repository, add some of your own rules, then send a pull request to have them incorporated upstream. Wladimir -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at lang.hm Mon Apr 4 18:46:56 2011 From: david at lang.hm (david at lang.hm) Date: Mon, 4 Apr 2011 09:46:56 -0700 (PDT) Subject: [Lognorm] How to create a central rulebase repository for log normalization? In-Reply-To: References: <9B6E2A8877C38245BFB15CC491A11DA71DDF2C@GRFEXC.intern.adiscon.com> Message-ID: On Mon, 4 Apr 2011, Wladimir van der Laan wrote: >> please have a look at my post over here: >> >> http://blog.gerhards.net/2011/04/log-normalization-how-to-share.html >> >> This is a very important question, and I'd appreciate all comments and >> feedback. >> > > My recommendation would be to make a github repository for it -- github is a > very good place for collaborative programming, and I think that'd apply to > these rulesets just as well. It would make it very easy to fork the > repository, add some of your own rules, then send a pull request to have > them incorporated upstream. There is a lot to say for this proposal, it uses git under the covers so that it's easy to branch and merge, but there is a website that can be used to pull a tarball of the rules for people who just want a copy and don't want to change anything. one thing that everyone needs to realize, rules that are considered 'good' today will be considered 'bad' at some point in the future when we realize that they match something other than what was intended. This isn't a failure in the project, just incomplete information at the time the rule was created. David Lang -------------- next part -------------- _______________________________________________ Lognorm mailing list Lognorm at lists.adiscon.com http://lists.adiscon.net/mailman/listinfo/lognorm From rgerhards at hq.adiscon.com Tue Apr 5 18:00:04 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Tue, 5 Apr 2011 18:00:04 +0200 Subject: [Lognorm] How to create a central rulebase repository for lognormalization? Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF4C@GRFEXC.intern.adiscon.com> Thanks everyone for responding. I'll do a wrap-up on the blog, most probably tomorrow. But it looks like the overall consensus was to give the git method at least a serious try, and I'll do that :) Rainer > -----Original Message----- > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards > Sent: Monday, April 04, 2011 2:07 PM > To: rsyslog at lists.adiscon.com; lognorm at lists.adiscon.com > Subject: [Lognorm] How to create a central rulebase repository for > lognormalization? > > Hi all, > > please have a look at my post over here: > > http://blog.gerhards.net/2011/04/log-normalization-how-to-share.html > > This is a very important question, and I'd appreciate all comments and > feedback. > > Thanks, > Rainer > _______________________________________________ > Lognorm mailing list > Lognorm at lists.adiscon.com > http://lists.adiscon.net/mailman/listinfo/lognorm From rgerhards at hq.adiscon.com Wed Apr 6 15:09:49 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 6 Apr 2011 15:09:49 +0200 Subject: [Lognorm] Identifying message types In-Reply-To: References: <9B6E2A8877C38245BFB15CC491A11DA71DDE56@GRFEXC.intern.adiscon.com> Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF51@GRFEXC.intern.adiscon.com> It's finally done: http://blog.gerhards.net/2011/04/log-classification-with-liblognorm.html This is based on some older CEE ideas and not necessarily inline with what comes up. Also, I can think of a couple of more things that would be good to add. But at least we now have the core functionality. Feedback, as usual, appreciated. Official release will follow shortly, either today or tomorrow. Everything already available via git. Rainer > -----Original Message----- > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > bounces at lists.adiscon.com] On Behalf Of Wladimir van der Laan > Sent: Tuesday, March 22, 2011 12:33 PM > To: lognorm > Subject: Re: [Lognorm] Identifying message types > > Hello Rainer, > > Thanks for the explanation. Looks like I was right in my feeling that this was > missing. > > I understand your rationale to wait for CEE on this, though. I read their spec, > and they propose that the identification of a message includes object, action > and status. But they haven't defined exactly what these should be, neither > do they give any examples. > > They still have quite a lot of definition work to to. Hopefully, it won't take too > long, a standard for logging is very badly needed, and the longer it takes, the > more developers will yet again come up with their own solutions. > > I'm currently classifying all kinds of events in Zenoss Core, and realized that > when I was defining regexp patterns I could just as well tell it how to extract > out the interesting information for analysis and more useful presentation. > Which is how I got to this project. > > Wladimir > > BTW: great work on rsyslog. > > > On Tue, Mar 22, 2011 at 10:37 AM, Rainer Gerhards > wrote: > > > Hi Wladimir, > > This is a good question and you are abosultely right -- this is currently > missing. In fact, the speace in front of the colon inside the rulebase is > reserved for tags, which is the classification you are looking for. > Liblognorm is in its infancy, though already quite useful in its current > state. I have paused development a bit for two reasons: > > a) CEE needs to sort out some things -- I'd prefer to have some issues > solved > before continuing (and re-doing some work). > b) devel prio -- right now I am working hard on getting a new stable > v5 > rsyslog out, and this is taking quite some toll > > The feature you are asking for is definitely on the today list, and I > hope to > be able to work more on liblognorm within the next couple of weeks > (this year > has been very busy - and will be - at least until mid-april). > > Rainer > > > > -----Original Message----- > > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > > bounces at lists.adiscon.com] On Behalf Of Wladimir van der Laan > > Sent: Monday, March 21, 2011 7:00 PM > > To: lognorm at lists.adiscon.com > > Subject: [Lognorm] Identifying message types > > > > Hello, > > > > I have a question about the usage of lognorm. As I understand, the > > program extracts data fields from log messages in text format, by > means > > of examples from a ruleset file. The output is represented as > metadata > > key/value pairs. > > > > But as far as I can see, it outputs no identifier as to what kind of > > message the log line represents. For automated log processing, one > > would also need to identify the message, for example, as failed > > authentication, or dhcp request, etc. > > > > Am I overlooking something? Is it possible to add a message type > field > > in a ruleset? > > > > Greetings, > > Wladimir > > > > > _______________________________________________ > Lognorm mailing list > Lognorm at lists.adiscon.com > http://lists.adiscon.net/mailman/listinfo/lognorm > > From laanwj at gmail.com Wed Apr 6 15:27:15 2011 From: laanwj at gmail.com (Wladimir van der Laan) Date: Wed, 6 Apr 2011 15:27:15 +0200 Subject: [Lognorm] Identifying message types In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DDF51@GRFEXC.intern.adiscon.com> References: <9B6E2A8877C38245BFB15CC491A11DA71DDE56@GRFEXC.intern.adiscon.com> <9B6E2A8877C38245BFB15CC491A11DA71DDF51@GRFEXC.intern.adiscon.com> Message-ID: Awesome. I think the tag-based approach is very good: it allows for matching events that are, for example either ssh, login, or fail or a combination of them. This will be very convenient with a database backend such as MongoDB which has a built in query for 'give me the records with this and this tag'. Wladimir On Wed, Apr 6, 2011 at 3:09 PM, Rainer Gerhards wrote: > It's finally done: > > http://blog.gerhards.net/2011/04/log-classification-with-liblognorm.html > > This is based on some older CEE ideas and not necessarily inline with what > comes up. Also, I can think of a couple of more things that would be good > to > add. But at least we now have the core functionality. > > Feedback, as usual, appreciated. Official release will follow shortly, > either > today or tomorrow. Everything already available via git. > > Rainer > > > -----Original Message----- > > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > > bounces at lists.adiscon.com] On Behalf Of Wladimir van der Laan > > Sent: Tuesday, March 22, 2011 12:33 PM > > To: lognorm > > Subject: Re: [Lognorm] Identifying message types > > > > Hello Rainer, > > > > Thanks for the explanation. Looks like I was right in my feeling that > this > was > > missing. > > > > I understand your rationale to wait for CEE on this, though. I read their > spec, > > and they propose that the identification of a message includes object, > action > > and status. But they haven't defined exactly what these should be, > neither > > do they give any examples. > > > > They still have quite a lot of definition work to to. Hopefully, it won't > take too > > long, a standard for logging is very badly needed, and the longer it > takes, > the > > more developers will yet again come up with their own solutions. > > > > I'm currently classifying all kinds of events in Zenoss Core, and > realized > that > > when I was defining regexp patterns I could just as well tell it how to > extract > > out the interesting information for analysis and more useful > presentation. > > Which is how I got to this project. > > > > Wladimir > > > > BTW: great work on rsyslog. > > > > > > On Tue, Mar 22, 2011 at 10:37 AM, Rainer Gerhards > > wrote: > > > > > > Hi Wladimir, > > > > This is a good question and you are abosultely right -- this is > currently > > missing. In fact, the speace in front of the colon inside the > rulebase is > > reserved for tags, which is the classification you are looking for. > > Liblognorm is in its infancy, though already quite useful in its > current > > state. I have paused development a bit for two reasons: > > > > a) CEE needs to sort out some things -- I'd prefer to have some > issues > > solved > > before continuing (and re-doing some work). > > b) devel prio -- right now I am working hard on getting a new > stable > > v5 > > rsyslog out, and this is taking quite some toll > > > > The feature you are asking for is definitely on the today list, and > I > > hope to > > be able to work more on liblognorm within the next couple of weeks > > (this year > > has been very busy - and will be - at least until mid-april). > > > > Rainer > > > > > > > -----Original Message----- > > > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > > > bounces at lists.adiscon.com] On Behalf Of Wladimir van der Laan > > > Sent: Monday, March 21, 2011 7:00 PM > > > To: lognorm at lists.adiscon.com > > > Subject: [Lognorm] Identifying message types > > > > > > Hello, > > > > > > I have a question about the usage of lognorm. As I understand, > the > > > program extracts data fields from log messages in text format, by > > means > > > of examples from a ruleset file. The output is represented as > > metadata > > > key/value pairs. > > > > > > But as far as I can see, it outputs no identifier as to what kind > of > > > message the log line represents. For automated log processing, > one > > > would also need to identify the message, for example, as failed > > > authentication, or dhcp request, etc. > > > > > > Am I overlooking something? Is it possible to add a message type > > field > > > in a ruleset? > > > > > > Greetings, > > > Wladimir > > > > > > > > > _______________________________________________ > > Lognorm mailing list > > Lognorm at lists.adiscon.com > > http://lists.adiscon.net/mailman/listinfo/lognorm > > > > > > _______________________________________________ > Lognorm mailing list > Lognorm at lists.adiscon.com > http://lists.adiscon.net/mailman/listinfo/lognorm > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rgerhards at hq.adiscon.com Wed Apr 6 15:56:16 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Wed, 6 Apr 2011 15:56:16 +0200 Subject: [Lognorm] Identifying message types In-Reply-To: References: <9B6E2A8877C38245BFB15CC491A11DA71DDE56@GRFEXC.intern.adiscon.com><9B6E2A8877C38245BFB15CC491A11DA71DDF51@GRFEXC.intern.adiscon.com> Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF52@GRFEXC.intern.adiscon.com> > -----Original Message----- > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > bounces at lists.adiscon.com] On Behalf Of Wladimir van der Laan > Sent: Wednesday, April 06, 2011 3:27 PM > To: lognorm > Subject: Re: [Lognorm] Identifying message types > > Awesome. I think the tag-based approach is very good: it allows for > matching events that are, for example either ssh, login, or fail or a > combination of them. Yes, that is exactly the idea. And it is an idea that comes from CEE and is *not* invented by me (just to make sure we have proper credits ;)). > This will be very convenient with a database > backend such as MongoDB which has a built in query for 'give me the > records with this and this tag'. > It looks like I really should have a look into MongoDB... Rainer > Wladimir > > > On Wed, Apr 6, 2011 at 3:09 PM, Rainer Gerhards > wrote: > > > It's finally done: > > http://blog.gerhards.net/2011/04/log-classification-with- > liblognorm.html > > This is based on some older CEE ideas and not necessarily inline > with what > comes up. Also, I can think of a couple of more things that would > be good to > add. But at least we now have the core functionality. > > Feedback, as usual, appreciated. Official release will follow > shortly, either > today or tomorrow. Everything already available via git. > > > Rainer > > > -----Original Message----- > > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > > bounces at lists.adiscon.com] On Behalf Of Wladimir van der Laan > > > Sent: Tuesday, March 22, 2011 12:33 PM > > To: lognorm > > > Subject: Re: [Lognorm] Identifying message types > > > > Hello Rainer, > > > > Thanks for the explanation. Looks like I was right in my > feeling that this > was > > missing. > > > > I understand your rationale to wait for CEE on this, though. I > read their > spec, > > and they propose that the identification of a message includes > object, > action > > and status. But they haven't defined exactly what these should > be, neither > > do they give any examples. > > > > They still have quite a lot of definition work to to. > Hopefully, it won't > take too > > long, a standard for logging is very badly needed, and the > longer it takes, > the > > more developers will yet again come up with their own > solutions. > > > > I'm currently classifying all kinds of events in Zenoss Core, > and realized > that > > when I was defining regexp patterns I could just as well tell > it how to > extract > > out the interesting information for analysis and more useful > presentation. > > Which is how I got to this project. > > > > Wladimir > > > > BTW: great work on rsyslog. > > > > > > On Tue, Mar 22, 2011 at 10:37 AM, Rainer Gerhards > > wrote: > > > > > > Hi Wladimir, > > > > This is a good question and you are abosultely right -- > this is > currently > > missing. In fact, the speace in front of the colon inside > the > rulebase is > > reserved for tags, which is the classification you are > looking for. > > Liblognorm is in its infancy, though already quite useful > in its > current > > state. I have paused development a bit for two reasons: > > > > a) CEE needs to sort out some things -- I'd prefer to > have some > issues > > solved > > before continuing (and re-doing some work). > > b) devel prio -- right now I am working hard on getting a > new stable > > v5 > > rsyslog out, and this is taking quite some toll > > > > The feature you are asking for is definitely on the today > list, and I > > hope to > > be able to work more on liblognorm within the next couple > of weeks > > (this year > > has been very busy - and will be - at least until mid- > april). > > > > Rainer > > > > > > > -----Original Message----- > > > From: lognorm-bounces at lists.adiscon.com > [mailto:lognorm- > > > bounces at lists.adiscon.com] On Behalf Of Wladimir van > der Laan > > > Sent: Monday, March 21, 2011 7:00 PM > > > To: lognorm at lists.adiscon.com > > > Subject: [Lognorm] Identifying message types > > > > > > Hello, > > > > > > I have a question about the usage of lognorm. As I > understand, the > > > program extracts data fields from log messages in text > format, by > > means > > > of examples from a ruleset file. The output is > represented as > > metadata > > > key/value pairs. > > > > > > But as far as I can see, it outputs no identifier as to > what kind > of > > > message the log line represents. For automated log > processing, one > > > would also need to identify the message, for example, > as failed > > > authentication, or dhcp request, etc. > > > > > > Am I overlooking something? Is it possible to add a > message type > > field > > > in a ruleset? > > > > > > Greetings, > > > Wladimir > > > > > > > > > _______________________________________________ > > Lognorm mailing list > > Lognorm at lists.adiscon.com > > http://lists.adiscon.net/mailman/listinfo/lognorm > > > > > > _______________________________________________ > Lognorm mailing list > Lognorm at lists.adiscon.com > http://lists.adiscon.net/mailman/listinfo/lognorm > > From tbergfeld at hq.adiscon.com Wed Apr 6 18:34:24 2011 From: tbergfeld at hq.adiscon.com (Tom Bergfeld) Date: Wed, 6 Apr 2011 18:34:24 +0200 Subject: [Lognorm] liblognorm 0.3.0 released Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF5C@GRFEXC.intern.adiscon.com> We have just released liblognorm 0.3.0. This release includes a new major feature and a bugfix. Changes: Version 0.3.0 (rgerhards), 2011-04-06 - support for message classification via tags added (All details can be found at log classification with liblognorm.) - bugfix: partial messages were invalidly matched closes: http://bugzilla.adiscon.com/show_bug.cgi?id=247 Download: http://www.liblognorm.com/files/download/liblognorm-0.3.0.tar.gz As always, feedback is appreciated. Best regards, Tom Bergfeld From tbergfeld at hq.adiscon.com Wed Apr 6 18:37:56 2011 From: tbergfeld at hq.adiscon.com (Tom Bergfeld) Date: Wed, 6 Apr 2011 18:37:56 +0200 Subject: [Lognorm] libee 0.3.0 released Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF5E@GRFEXC.intern.adiscon.com> We have just released libee 0.3.0. This release includes a new major feature. Changes: Version 0.3.0 (rgerhards), 2011-04-06 - extended API - improved support for tags (All details can be found at http://www.liblognorm.com/news/log-classification-with-liblognorm/) Download: http://www.libee.org/files/download/libee-0.3.0.tar.gz As always, feedback is appreciated. Best regards, Tom Bergfeld From marcin at mejor.pl Wed Apr 6 22:59:42 2011 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Wed, 06 Apr 2011 22:59:42 +0200 Subject: [Lognorm] libee 0.3.0 released In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DDF5E@GRFEXC.intern.adiscon.com> References: <9B6E2A8877C38245BFB15CC491A11DA71DDF5E@GRFEXC.intern.adiscon.com> Message-ID: <4D9CD43E.9030300@mejor.pl> W dniu 06.04.2011 18:37, Tom Bergfeld pisze: > We have just released libee 0.3.0. Hello! As usuall, gentoo ebuild are there: https://bugs.gentoo.org/show_bug.cgi?id=348696 https://bugs.gentoo.org/show_bug.cgi?id=348698 and all from svn repository: http://repoz.mejor.pl/svn/gentoo/portage/dev-libs/ > As always, feedback is appreciated. Could be possible to fix parallel build error in future release? Libee and libestr are affected by this problem. Thanks! Build logs: >>> Compiling source in /var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0 ... make -j2 -j10 make all-recursive make[1]: Entering directory `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0' Making all in src make[2]: Entering directory `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0/src' CC liblognorm_la-liblognorm.lo CC liblognorm_la-ptree.lo CC liblognorm_la-samp.lo CC liblognorm_la-lognorm.lo CC normalizer-normalizer.o normalizer.c: In function ?genDOT?: normalizer.c:134:8: warning: ignoring return value of ?fwrite?, declared with attribute warn_unused_result CCLD normalizer ptree.c: In function ?dotAddPtr?: ptree.c:476:41: warning: cast from pointer to integer of different size samp.c: In function ?ln_sampRead?: samp.c:524:8: warning: ignoring return value of ?fgets?, declared with attribute warn_unused_result CCLD liblognorm.la libtool: link: cannot find the library `../src/liblognorm.la' or unhandled argument `../src/liblognorm.la' make[2]: *** [normalizer] Error 1 make[2]: *** Waiting for unfinished jobs.... make[2]: Leaving directory `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0' make: *** [all] Error 2 emake failed >>> Compiling source in /var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0 ... make -j2 -j10 make all-recursive make[1]: Entering directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0' Making all in tests make[2]: Entering directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/tests' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/tests' Making all in include make[2]: Entering directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' Making all in libee make[3]: Entering directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include/libee' make[3]: Nothing to be done for `all'. make[3]: Leaving directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include/libee' make[3]: Entering directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' make[3]: Nothing to be done for `all-am'. make[3]: Leaving directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' make[2]: Leaving directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' Making all in src make[2]: Entering directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/src' CC libee_la-ctx.lo CC libee_la-tag.lo CC libee_la-value.lo CC libee_la-event.lo CC libee_la-tagbucket.lo CC libee_la-field.lo CC libee_la-fieldbucket.lo CC libee_la-primitivetype.lo CC libee_la-int_dec.lo CC libee_la-apache_dec.lo value.c: In function ?ee_newValue?: value.c:37:20: warning: unused parameter ?ctx? event.c: In function ?ee_EventHasTag?: event.c:167:3: warning: implicit declaration of function ?ee_TagbucketHasTag? fieldbucket.c: In function ?ee_getFieldValueAsStr?: fieldbucket.c:135:12: warning: ?str? may be used uninitialized in this function apache_dec.c: In function ?ee_newApache?: apache_dec.c:37:21: warning: unused parameter ?ctx? apache_dec.c: In function ?ee_apacheAddName?: apache_dec.c:71:25: warning: unused parameter ?ctx? apache_dec.c: In function ?processLn?: apache_dec.c:205:19: warning: unused variable ?value? CC libee_la-syslog_enc.lo CC libee_la-json_enc.lo CC libee_la-xml_enc.lo CC libee_la-csv_enc.lo CC convert-convert.o CCLD convert csv_enc.c: In function ?ee_AddName?: csv_enc.c:66:19: warning: unused parameter ?ctx? xml_enc.c: In function ?ee_addValue_XML?: xml_enc.c:60:6: warning: unused variable ?j? xml_enc.c:59:7: warning: unused variable ?numbuf? xml_enc.c: At top level: xml_enc.c:40:13: warning: ?hexdigit? defined but not used libtool: link: cannot find the library `../src/libee.la' or unhandled argument `../src/libee.la' make[2]: *** [convert] Error 1 make[2]: *** Waiting for unfinished jobs.... CCLD libee.la make[2]: Leaving directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0' make: *** [all] Error 2 emake failed From rgerhards at hq.adiscon.com Thu Apr 7 07:11:08 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Thu, 7 Apr 2011 07:11:08 +0200 Subject: [Lognorm] libee 0.3.0 released In-Reply-To: <4D9CD43E.9030300@mejor.pl> References: <9B6E2A8877C38245BFB15CC491A11DA71DDF5E@GRFEXC.intern.adiscon.com> <4D9CD43E.9030300@mejor.pl> Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DDF6C@GRFEXC.intern.adiscon.com> > -----Original Message----- > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > bounces at lists.adiscon.com] On Behalf Of Marcin Miroslaw > Sent: Wednesday, April 06, 2011 11:00 PM > To: lognorm > Subject: Re: [Lognorm] libee 0.3.0 released > > W dniu 06.04.2011 18:37, Tom Bergfeld pisze: > > We have just released libee 0.3.0. > Hello! > As usuall, gentoo ebuild are there: > https://bugs.gentoo.org/show_bug.cgi?id=348696 > https://bugs.gentoo.org/show_bug.cgi?id=348698 > and all from svn repository: > http://repoz.mejor.pl/svn/gentoo/portage/dev-libs/ Thanks! > > > As always, feedback is appreciated. > > Could be possible to fix parallel build error in future release? > Libee and libestr are affected by this problem. > Thanks! Unfortunately, I am far from being an autotools expert and I simply do not have any idea why this happens. Help would be appreciated. Rainer > > Build logs: > > >>> Compiling source in > /var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0 ... > make -j2 -j10 > make all-recursive > make[1]: Entering directory > `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0' > Making all in src > make[2]: Entering directory > `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0/src' > CC liblognorm_la-liblognorm.lo > CC liblognorm_la-ptree.lo > CC liblognorm_la-samp.lo > CC liblognorm_la-lognorm.lo > CC normalizer-normalizer.o > normalizer.c: In function ?genDOT?: > normalizer.c:134:8: warning: ignoring return value of ?fwrite?, > declared > with attribute warn_unused_result > CCLD normalizer > ptree.c: In function ?dotAddPtr?: > ptree.c:476:41: warning: cast from pointer to integer of different size > samp.c: In function ?ln_sampRead?: > samp.c:524:8: warning: ignoring return value of ?fgets?, declared with > attribute warn_unused_result > CCLD liblognorm.la > libtool: link: cannot find the library `../src/liblognorm.la' or > unhandled argument `../src/liblognorm.la' > make[2]: *** [normalizer] Error 1 > make[2]: *** Waiting for unfinished jobs.... > make[2]: Leaving directory > `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0/src' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory > `/var/tmp/portage/dev-libs/liblognorm-0.3.0/work/liblognorm-0.3.0' > make: *** [all] Error 2 > emake failed > > > > >>> Compiling source in > /var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0 ... > make -j2 -j10 > make all-recursive > make[1]: Entering directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0' > Making all in tests > make[2]: Entering directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/tests' > make[2]: Nothing to be done for `all'. > make[2]: Leaving directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/tests' > Making all in include > make[2]: Entering directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' > Making all in libee > make[3]: Entering directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include/libee' > make[3]: Nothing to be done for `all'. > make[3]: Leaving directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include/libee' > make[3]: Entering directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' > make[3]: Nothing to be done for `all-am'. > make[3]: Leaving directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' > make[2]: Leaving directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/include' > Making all in src > make[2]: Entering directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/src' > CC libee_la-ctx.lo > CC libee_la-tag.lo > CC libee_la-value.lo > CC libee_la-event.lo > CC libee_la-tagbucket.lo > CC libee_la-field.lo > CC libee_la-fieldbucket.lo > CC libee_la-primitivetype.lo > CC libee_la-int_dec.lo > CC libee_la-apache_dec.lo > value.c: In function ?ee_newValue?: > value.c:37:20: warning: unused parameter ?ctx? > event.c: In function ?ee_EventHasTag?: > event.c:167:3: warning: implicit declaration of function > ?ee_TagbucketHasTag? > fieldbucket.c: In function ?ee_getFieldValueAsStr?: > fieldbucket.c:135:12: warning: ?str? may be used uninitialized in this > function > apache_dec.c: In function ?ee_newApache?: > apache_dec.c:37:21: warning: unused parameter ?ctx? > apache_dec.c: In function ?ee_apacheAddName?: > apache_dec.c:71:25: warning: unused parameter ?ctx? > apache_dec.c: In function ?processLn?: > apache_dec.c:205:19: warning: unused variable ?value? > CC libee_la-syslog_enc.lo > CC libee_la-json_enc.lo > CC libee_la-xml_enc.lo > CC libee_la-csv_enc.lo > CC convert-convert.o > CCLD convert > csv_enc.c: In function ?ee_AddName?: > csv_enc.c:66:19: warning: unused parameter ?ctx? > xml_enc.c: In function ?ee_addValue_XML?: > xml_enc.c:60:6: warning: unused variable ?j? > xml_enc.c:59:7: warning: unused variable ?numbuf? > xml_enc.c: At top level: > xml_enc.c:40:13: warning: ?hexdigit? defined but not used > libtool: link: cannot find the library `../src/libee.la' or unhandled > argument `../src/libee.la' > make[2]: *** [convert] Error 1 > make[2]: *** Waiting for unfinished jobs.... > CCLD libee.la > make[2]: Leaving directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0/src' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory > `/var/tmp/portage/dev-libs/libee-0.3.0/work/libee-0.3.0' > make: *** [all] Error 2 > emake failed > _______________________________________________ > Lognorm mailing list > Lognorm at lists.adiscon.com > http://lists.adiscon.net/mailman/listinfo/lognorm From friedl at hq.adiscon.com Mon Apr 18 15:19:45 2011 From: friedl at hq.adiscon.com (Florian Riedl) Date: Mon, 18 Apr 2011 15:19:45 +0200 Subject: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DE014@GRFEXC.intern.adiscon.com> We have just released liblognorm 0.3.1 and libee 0.3.1. These releases include new features and bugfixes. Changes: Liblognorm version 0.3.1 (rgerhards), 2011-04-18 - added -t option to normalizer so that only messages with a specified tag will be output - bugfix: abort if a tag was assigned to a message without any fields parsed out (uncommon scenario) - bugfix: mem leak on parse tree destruct -- associated tags were not deleted - bugfix: potential abort in normalizer due to misadressing in debug message generation Download: http://www.liblognorm.com/files/download/liblognorm-0.3.1.tar.gz Libee version 0.3.1 (rgerhards), 2011-04-18 - API extensions - brought tag handling a bit inline with upcoming 0.6 draft CEE spec Download: http://www.libee.org/files/download/libee-0.3.1.tar.gz As always, feedback is appreciated. Best regards, Florian Riedl From marcin at mejor.pl Mon Apr 18 17:19:53 2011 From: marcin at mejor.pl (=?UTF-8?B?TWFyY2luIE1pcm9zxYJhdw==?=) Date: Mon, 18 Apr 2011 17:19:53 +0200 Subject: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DE014@GRFEXC.intern.adiscon.com> References: <9B6E2A8877C38245BFB15CC491A11DA71DE014@GRFEXC.intern.adiscon.com> Message-ID: <4DAC5699.4040601@mejor.pl> W dniu 18.04.2011 15:19, Florian Riedl pisze: > Libee version 0.3.1 (rgerhards), 2011-04-18 > > - API extensions > - brought tag handling a bit inline with upcoming 0.6 draft CEE spec Hello! I'm getting QA notice from portage: * QA Notice: Package has poor programming practices which may compile * fine but exhibit random runtime failures. * event.c:166:3: warning: implicit declaration of function ?ee_TagbucketHasTag? Ebuild for both packages are in usual place. Regards -- xmpp (jabber): marcin [at] mejor.pl www: http://blog.mejor.pl/ From rgerhards at hq.adiscon.com Mon Apr 18 17:36:33 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Mon, 18 Apr 2011 17:36:33 +0200 Subject: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released In-Reply-To: <4DAC5699.4040601@mejor.pl> References: <9B6E2A8877C38245BFB15CC491A11DA71DE014@GRFEXC.intern.adiscon.com> <4DAC5699.4040601@mejor.pl> Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DE019@GRFEXC.intern.adiscon.com> Thanks, will correct in next release! Rainer > -----Original Message----- > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > bounces at lists.adiscon.com] On Behalf Of Marcin Miroslaw > Sent: Monday, April 18, 2011 5:20 PM > To: lognorm at lists.adiscon.com > Subject: Re: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released > > W dniu 18.04.2011 15:19, Florian Riedl pisze: > > Libee version 0.3.1 (rgerhards), 2011-04-18 > > > > - API extensions > > - brought tag handling a bit inline with upcoming 0.6 draft CEE spec > > Hello! > I'm getting QA notice from portage: > * QA Notice: Package has poor programming practices which may compile > * fine but exhibit random runtime failures. > * event.c:166:3: warning: implicit declaration of function > ?ee_TagbucketHasTag? > > Ebuild for both packages are in usual place. > Regards > > -- > xmpp (jabber): marcin [at] mejor.pl > www: http://blog.mejor.pl/ > _______________________________________________ > Lognorm mailing list > Lognorm at lists.adiscon.com > http://lists.adiscon.net/mailman/listinfo/lognorm From rgerhards at hq.adiscon.com Mon Apr 18 18:09:11 2011 From: rgerhards at hq.adiscon.com (Rainer Gerhards) Date: Mon, 18 Apr 2011 18:09:11 +0200 Subject: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released In-Reply-To: <4DAC5699.4040601@mejor.pl> References: <9B6E2A8877C38245BFB15CC491A11DA71DE014@GRFEXC.intern.adiscon.com> <4DAC5699.4040601@mejor.pl> Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DE01A@GRFEXC.intern.adiscon.com> > -----Original Message----- > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm- > bounces at lists.adiscon.com] On Behalf Of Marcin Miroslaw > Sent: Monday, April 18, 2011 5:20 PM > To: lognorm at lists.adiscon.com > Subject: Re: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released > > W dniu 18.04.2011 15:19, Florian Riedl pisze: > > Libee version 0.3.1 (rgerhards), 2011-04-18 > > > > - API extensions > > - brought tag handling a bit inline with upcoming 0.6 draft CEE spec > > Hello! > I'm getting QA notice from portage: > * QA Notice: Package has poor programming practices which may compile > * fine but exhibit random runtime failures. > * event.c:166:3: warning: implicit declaration of function > ?ee_TagbucketHasTag? > > Ebuild for both packages are in usual place. > Regards I just checked: this is code that is scheduled for removal in the next version. The current implementation of tags is not inline with the upcoming CEE spec. As part of re-alignment, all of the tagbucket class will go away. Hope to have done this by end of month. Rainer From marcin at mejor.pl Mon Apr 18 22:41:32 2011 From: marcin at mejor.pl (=?ISO-8859-2?Q?Marcin_Miros=B3aw?=) Date: Mon, 18 Apr 2011 22:41:32 +0200 Subject: [Lognorm] liblognorm 0.3.1 and libee 0.3.1 released In-Reply-To: <9B6E2A8877C38245BFB15CC491A11DA71DE01A@GRFEXC.intern.adiscon.com> References: <9B6E2A8877C38245BFB15CC491A11DA71DE014@GRFEXC.intern.adiscon.com> <4DAC5699.4040601@mejor.pl> <9B6E2A8877C38245BFB15CC491A11DA71DE01A@GRFEXC.intern.adiscon.com> Message-ID: <4DACA1FC.9020102@mejor.pl> W dniu 2011-04-18 18:09, Rainer Gerhards pisze: > I just checked: this is code that is scheduled for removal in the next > version. The current implementation of tags is not inline with the upcoming > CEE spec. As part of re-alignment, all of the tagbucket class will go away. > Hope to have done this by end of month. Hi! Thanks for quick answer and explanation. Regards, Marcin.