This page serves as a repository of log formats. Please note that the focus of this repository is to show the diversity of log formats, so that people building parsers can find ways towards the most generic approach. The repository is not meant as a source for test data. Though that would of course be desirable, too, we think it goes beyond the scope of this repository. Broadening the scope would make data gathering even harder and thus could be counterproductive. We have, however, included longer log samples if we got hold of them.
As of now this list looks disorganized … because it *is* 😉 We are right now finding the right presentation form for this archive, so please bear with us a little. If you have comments, please email Rainer.
Call for Log Samples
If you have log samples not yet in the archive, PLEASE send us a copy! We are trying to get this repository as complete as possible, but it is really a tough job if you don’t get data. So if you have anything to submit, please email Rainer Gerhards (who takes care of this project).
Firewalls
Routers
Oops… anybody out there with some router logs?
UNIX/Linux Daemons
All of these logs were created by daemons, which most probably means the logs were created by stock *nix syslogd.
- SuSE SLES 8
- RedHat Linux 8.0
- RedHat Enterprise Linux
- HP UX b 10.20
- HP UX b 11.00
- HP UX b 11.11
- PostFix
- Apache (Unix)
- Amavis-New
- Cron Daemon
- DCC Server
- Red Hat Linux 7.3
- RK Hunter
- Up 2 Date
- URL Scan
- X Free 86
Don’t really know what it is…
We received some logs from things we really don’t know (btw: I’d like to see a log entry from a Mars rover ;))
Acknowledgments
We would like to thank the following people who contributed either logs or additional information: Jeff Falgout, Mikael Olsson, Jim Prewett, Kevin W. Gagel
Additional Information
This log format repository is part of Adiscon’s approach to generalizing log data. You may also find these other papers interesting:
- “On the Nature of Syslog Data”, Rainer Gerhards, 2004
Syslog messages generated by these products can be received by MonitorWare Agent and WinSyslog.
All information in this section is to the best of our knowledge but without warranty of any kind. This is free information – use it at your sole risk.