Message-ID: <alpine.DEB.2.02.1107131723410.16335@asgard.lang.hm>
Date:	Wed, 13 Jul 2011 17:30:19 -0700 (PDT)
From:	david@...g.hm
To:	linux-kernel <linux-kernel@...r.kernel.org>
Subject: best way to handle multi-line kernel messages

A query was made on the rsyslog mailing list about the possibility of 
rsyslog handling kernel messages better. Currently each line of logs is a 
separate log entry (and as log entries traverse networks there are things 
that can cause them to get re-ordered). It would be nice to be able to 
combine multi-line logs into one log entry.

The problem is figuring out how to tell when one log entry finishes and 
the next starts.

From examining logs it looks like follow-up lines are frequently (but not 
always) indented with some form of whitespace (this indentation taking 
place after the timestamp if that's enabled)

but this is not consistently the case.

I suspect that there is not currently any good way for something to really 
tell when one log entry has finished and another is starting, but I wanted 
to ask here if there is anything that I should be able to rely on (with 
the thought that fixing log messages that don't work that way could be 
something for -janitors or newbies to work on)

or is this a completely hopeless task that people receiving logs should 
not even try to do?

David Lang
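
The indentation heuristic described in the message above, as an added example (not part of the original post and not rsyslog code): a line whose text starts with whitespace after the optional timestamp is joined to the previous entry. The timestamp pattern, function names and sample lines are assumptions constructed for illustration; the unindented `Code:` line shows the case where the heuristic splits one logical entry in two.

```python
import re

# Assumed shape of the optional timestamp prefix, e.g. "[   12.345678] ".
# One separator space after "]" is consumed; anything beyond it is indentation.
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")

def split_timestamp(line):
    """Return (timestamp_or_None, text_after_timestamp) for one log line."""
    m = TS_RE.match(line)
    if m:
        return m.group(0).strip(), line[m.end():]
    return None, line

def group_entries(lines):
    """Group lines into entries; a line indented after its timestamp is
    treated as a continuation of the entry before it."""
    entries = []
    for raw in lines:
        _, text = split_timestamp(raw.rstrip("\n"))
        if entries and text[:1] in (" ", "\t"):
            entries[-1].append(text)      # follow-up line
        else:
            entries.append([text])        # start of a new entry
    return entries

# Constructed sample, not real kernel output.
SAMPLE = [
    "[   12.000001] usb 1-1: new device",
    "[   12.000002] Call Trace:",
    "[   12.000003]  [<ffffffff00000001>] example_func+0x10/0x20",
    "[   12.000004]  [<ffffffff00000002>] example_caller+0x30/0x40",
    "[   12.000005] Code: 00 00 00 00",   # follow-up line without indentation
    "[   12.000006] eth0: link up",
]

if __name__ == "__main__":
    for entry in group_entries(SAMPLE):
        print(" | ".join(part.strip() for part in entry))
```

The grouping depends on lines arriving in their original order, so it has to run before the lines cross a network that can re-order them.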
