People were having issues with KIWI syslog at some point here. The default logging format for Kiwi is its own format. You can set many logging formats, including BSD Syslog and RAW. What exactly were you removing from the BSD formatted logs that made it work? I can try several different things with Kiwi until I get a format out of it that works with all of the log parsing tools.
Chris Green

-----Original Message-----
From: david raistrick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 10:57 AM
To: Gianluigi Trento
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [gb-users] Re: R: [gb-users] WELF log format

On Tue, 15 Oct 2002, Gianluigi Trento wrote:

> Now I'm testing Sawmill (http://www.sawmill.net).
> It reads many log formats, WELF included, but does not recognize and does
> not process new Gnatbox logs.
> Is the Gnatbox log format fully WELF compatible or is it a variant?

I just downloaded sawmill6.4b4 and ran it against some sample freebsd-syslog captured logs. Sawmill cannot process these, it seems.

It looks to be a bug with sawmill...it would be a reasonable thing to expect it to process syslog-captured data.

I ran the log through a quick filter to remove the syslog data from the file, then processed it with sawmill. Sawmill was able to identify the data as WELF and give me processed output.

My filter (this should work with most UNIX flavors..though your mileage may vary.):

    # cut -d" " -f5- < GBlog.log.0 > filtered.log.0

Let me know how it works for you.

...david

PS: I've cc'ed this to sawmill support.

---
David Raistrick
Systems Administrator - Global Technology Associates, Inc
[EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
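
An added example, not part of the original thread: a header filter that anchors on the start of the WELF record instead of a fixed field count, because BSD syslog pads single-digit days with an extra space and that shifts what `cut -f5-` keeps. It assumes each WELF record begins with an `id=` field; the sample lines, host name `gb1` and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: strip the syslog header from syslog-captured WELF lines.
# Assumption: each WELF record begins with an "id=" field.

# Constructed sample input (not from the original post). The second line has
# a single-digit day, which BSD syslog pads with an extra space; the third is
# a syslog line that carries no WELF record at all.
sample_log() {
    cat <<'EOF'
Oct 15 10:57:00 gb1 id=firewall time="2002-10-15 10:57:00" fw=gb1 pri=6 msg="accept"
Oct  5 10:57:00 gb1 id=firewall time="2002-10-05 10:57:00" fw=gb1 pri=6 msg="accept"
Oct 15 10:57:02 gb1 last message repeated 3 times
EOF
}

# Print each line from its first "id=" field onward. Lines with no WELF
# record are counted and reported on stderr instead of reaching the parser.
strip_syslog_header() {
    awk '
    {
        pos = match($0, /(^| )id=[^ ]/)
        if (pos == 0) { skipped++; next }
        if (substr($0, pos, 1) == " ") pos++   # step over the leading space
        print substr($0, pos)
    }
    END {
        if (skipped)
            printf "skipped %d line(s) without a WELF record\n", skipped | "cat >&2"
    }'
}

# Fixed-field filter from the post, kept for comparison.
cut_filter() {
    cut -d" " -f5-
}

echo "--- cut -f5- ---";      sample_log | cut_filter
echo "--- anchor on id= ---"; sample_log | strip_syslog_header
```

On the padded-day line the fixed-field filter leaves the host name in front of the record, while the anchored filter emits the record unchanged.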
