Parser Exchange

This page is meant to collect parsers for log files. Post a comment with either a link to your parser, or paste the parser here if it is not too big.

Symantec A/V log parser

I have updated my simple Symantec A/V log parser. It normalizes and converts syslog-formatted Symantec A/V logs into comma-separated fields. I used it to convert syslog Symantec A/V logs to CSV files and loaded the data into Advizor Analyst. This type of graph shows interesting re-infection patterns for individual hosts (horizontal lines), signature updates following malware blooms (vertical patterns with the same colors), as well as others.

avParser.pl

Need help with the A/V log parser

Hi, I tried using this A/V log parser, but the result shown is:

ERROR - Unable to open [Anti]
ERROR - Unable to open [Virust]
ERROR - Unable to open [Sample]
ERROR - Unable to open [Log]
ERROR - Unable to open [file.csv]

Can anyone please help me with it? Thank you.

regards,
Adeline

Possible solution

Adeline, it looks like the filename that was passed to the script was "Anti Virus Sample Log file.csv" and the script is parsing the file name as separate words. You can wrap the filename in quotes or escape the spaces. On *nix you can use '\', so Anti\ Virus\ Sample\ Log\ file.csv or 'Anti Virus Sample Log file.csv'.

QuickParser

In the spirit of sharing, and in the hope of prodding a co-conspirator into finishing *his* better, stronger and faster parser, I have released the source to Quick Parser, my regex-less log parser specifically for Juniper (NetScreen) firewall logs.

Apache2Dot.pl

This script reads Apache web server logs and generates dot files usable in GraphViz.

Apache2Dot.pl

An example can be found here.
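As an added example in the spirit of Apache2Dot.pl (this is not that script, nor part of the original post), here is a Python version of the same idea: parse Apache Common/Combined Log Format lines and emit a GraphViz DOT graph with one edge per client address and requested path, labelled with the hit count and HTTP status. The log lines embedded below are constructed for the demonstration; unparsable lines are counted and skipped rather than aborting the run, and every value taken from the log is quoted before it is written into the DOT file, since log content is attacker-controlled.

```python
"""Turn Apache access log lines into a GraphViz DOT graph (client -> path).

Added example in the spirit of Apache2Dot.pl; it is not that script.
"""
import re
import sys
from collections import Counter

# Combined Log Format; the referer/user-agent tail is optional so that plain
# Common Log Format lines parse as well.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample log: two clients, one repeated 403, one garbage line.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326
10.0.0.5 - - [10/Oct/2000:13:55:40 -0700] "GET /admin HTTP/1.0" 403 199
192.0.2.44 - - [10/Oct/2000:13:56:01 -0700] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2000:13:56:02 -0700] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404 0 "-" "curl/7.1"
this line is garbage and must be skipped, not crash the run
10.0.0.5 - - [10/Oct/2000:13:57:00 -0700] "GET /admin HTTP/1.0" 403 199
"""


def parse_line(line):
    """Return a dict of fields for one access log line, or None if it does
    not match (log corruption, rotated-file headers, injected junk)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def count_edges(lines):
    """Count (client, path, status) triples; returns (Counter, skipped)."""
    edges = Counter()
    skipped = 0
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        edges[(rec["host"], rec["path"], rec["status"])] += 1
    return edges, skipped


def dot_quote(s):
    """Quote a DOT string literal; log data is attacker-controlled, so
    never splice it into the graph unescaped."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_dot(edges):
    """Render the edge counts as a directed graph. Client nodes are boxes,
    paths are ellipses, and edges for 4xx/5xx responses are drawn in red."""
    out = ["digraph apache {", "  rankdir=LR;"]
    for host in sorted({h for h, _, _ in edges}):
        out.append(f"  {dot_quote(host)} [shape=box];")
    for (host, path, status), n in sorted(edges.items()):
        color = "red" if status >= 400 else "black"
        out.append(
            f"  {dot_quote(host)} -> {dot_quote(path)} "
            f'[label="{n}x {status}", color={color}];'
        )
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python apache2dot.py access.log | dot -Tpng > graph.png
    # With no argument the constructed sample above is used.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    edges, skipped = count_edges(lines)
    print(to_dot(edges))
    print(f"// skipped {skipped} unparsable line(s)", file=sys.stderr)
```

Keying the edges on status as well as path is what makes the picture useful for security work: a client that repeatedly hits the same path and gets 403 or 404 shows up as a thick red edge, which is the probing pattern you want to see at a glance.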

Snort Alert

A Snort parser for Snort alert files. This is part of the AfterGlow distribution.

Netfilter/iptables log parser

I have written a parser for Netfilter log messages called "nf2csv", and it is distributed with the psad project.
You can download nf2csv here:

http://www.cipherdyne.org/psad/download/nf2csv

--
Michael Rash
http://www.cipherdyne.org/

Argus

An Argus parser for Argus output. This is part of the AfterGlow distribution.

TCPDump

This is a parser for tcpdump output. This is part of the AfterGlow distribution.

PacketFilter

This pf parser parses PF firewall logs from OpenBSD. This is part of the AfterGlow distribution.

Sendmail

This sendmail parser will help you merge the two log entries (the to: and the from: entries) into one output line. You can also choose which fields you want in the output. And the best part: it outputs CSV files that you can easily process further. This is part of the AfterGlow distribution.
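As an added example of the merge described above (this is not the AfterGlow sendmail parser, nor part of the original post), the following Python code joins sendmail's from= and to= syslog records on the queue ID they share, emits one CSV row per recipient, and lets the caller pick the output columns. The log lines embedded below are constructed; they include a two-recipient message, a message whose to= line was logged before its from= line (which happens when syslog reorders or when a log is read from the middle), a stat value that itself contains a comma, and an envelope that never got a delivery record, so the function reports leftovers instead of silently dropping them.

```python
"""Merge sendmail from= and to= log records into one CSV row per recipient.

Added example, not the AfterGlow sendmail parser. Sendmail writes the
envelope sender (from=) and each delivery attempt (to=) as separate syslog
lines that share only the queue ID, so the records are joined on that ID.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample: one 2-recipient message, one message whose to= line
# was logged before its from= line, and one envelope never delivered.
SAMPLE_LOG = """\
Mar  1 10:00:00 mx1 sendmail[1234]: r21F0000012345: from=<alice@example.com>, size=1234, class=0, nrcpts=2, msgid=<abc@example.com>, proto=ESMTP, daemon=MTA, relay=client.example.com [192.0.2.10]
Mar  1 10:00:01 mx1 sendmail[1235]: r21F0000012345: to=<bob@example.org>,<carol@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31234, relay=mail.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (OK, queued as 42)
Mar  1 10:00:05 mx1 sendmail[1240]: r21F0000099999: to=<dave@example.net>, delay=00:00:02, mailer=esmtp, relay=mail.example.net. [203.0.113.7], dsn=5.1.1, stat=User unknown
Mar  1 10:00:06 mx1 sendmail[1241]: r21F0000099999: from=<eve@example.com>, size=999, class=0, nrcpts=1, msgid=<def@example.com>, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
Mar  1 10:00:07 mx1 sendmail[1242]: r21F0000077777: from=<mallory@example.com>, size=10, class=0, nrcpts=1, msgid=<ghi@example.com>, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sendmail\[\d+\]: '
    r'(?P<qid>[A-Za-z0-9]+): (?P<rest>.*)$'
)
# A key=value field starts at the beginning of the record or after ", ".
KEY_RE = re.compile(r'(?:^|, )([a-z]+)=')


def parse_fields(rest):
    """Split 'k=v, k=v, stat=...' on keys rather than on commas: relay and
    stat values can contain commas, and stat is always the last field, so
    it takes the remainder of the line."""
    fields = {}
    keys = list(KEY_RE.finditer(rest))
    for i, m in enumerate(keys):
        key, start = m.group(1), m.end()
        if key == "stat" or i + 1 == len(keys):
            fields[key] = rest[start:]
            break
        fields[key] = rest[start:keys[i + 1].start()]
    return fields


def combine(env, dlv):
    """One row per recipient, joining the from= record with a to= record."""
    return [{
        "qid": env["qid"],
        "time": dlv["ts"],
        "host": env["host"],
        "from": env["from"].strip("<>"),
        "from_relay": env.get("relay", ""),
        "size": env.get("size", ""),
        "to": rcpt.strip("<>"),
        "to_relay": dlv.get("relay", ""),
        "dsn": dlv.get("dsn", ""),
        "stat": dlv.get("stat", ""),
    } for rcpt in dlv["to"].split(",")]


def merge_sendmail(lines):
    """Return (rows, undelivered_qids, orphan_deliveries_by_qid)."""
    envelopes = {}               # qid -> parsed from= record
    pending = defaultdict(list)  # to= records seen before their from=
    delivered = set()
    rows = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # not a sendmail record; skip it
        fields = parse_fields(m.group("rest"))
        fields.update(ts=m.group("ts"), host=m.group("host"), qid=m.group("qid"))
        qid = fields["qid"]
        if "from" in fields:
            envelopes[qid] = fields
            for dlv in pending.pop(qid, []):
                rows.extend(combine(fields, dlv))
                delivered.add(qid)
        elif "to" in fields:
            if qid in envelopes:
                rows.extend(combine(envelopes[qid], fields))
                delivered.add(qid)
            else:
                pending[qid].append(fields)
    undelivered = sorted(set(envelopes) - delivered)
    return rows, undelivered, dict(pending)


COLUMNS = ["qid", "time", "host", "from", "from_relay", "size",
           "to", "to_relay", "dsn", "stat"]


def to_csv(rows, columns=COLUMNS):
    """Write the chosen columns as CSV; csv handles quoting of commas."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=columns, extrasaction="ignore",
                       lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    rows, undelivered, orphans = merge_sendmail(SAMPLE_LOG.splitlines())
    print(to_csv(rows, ["qid", "time", "from", "to", "to_relay", "dsn", "stat"]), end="")
    print("# envelopes with no delivery record:", ", ".join(undelivered))
    print("# deliveries with no envelope record:", ", ".join(orphans) or "none")
```

Keeping the undelivered envelopes and orphaned deliveries visible matters when the input is a rotated or truncated log: a from= line without any to= line is either a message still in the queue or a log that was cut off, and both are worth knowing before you draw conclusions from the graph.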