timerange problem when using last years' syslog timestamped logfiles (was: Re: Postfix log analysis : Date calculation problem)

Joost van Baal joostvb at logreport.org
Wed Apr 19 10:15:52 CEST 2006


Thanks Wytze!

On Wed 19 Apr 2006 at 10:05:40 +0200, Wytze van der Raay wrote:
> On 19.04.2006 09:56, Joost van Baal wrote:
> > On Tue 18 Apr 2006 at 08:29:55 +0200, Stephan Ruggiero wrote:
> >>If this is a problem: Is there a way to get around it?
> > 
> > Well, since syslog doesn't add the year to its timestamps, Lire uses
> > some heuristics to guess the year.  There might very well be a bug in
> > these heuristics.
> 
> I don't think there is a bug in the heuristics (which are indeed in
> Lire::Time::syslog2cal()), but you have to keep in mind that they are
> *heuristics*, i.e. they assume the "normal" case, processing a logfile
> which is fairly recent. More specifically, when running on April 19, 2006,
> the heuristic will map a "year-less" date in a logfile of April 21 or later
> to the previous year (2005), but will map a year-less date up to April 20
> to the current year (2006).  Thus a logfile with dates Jan 1 - Dec 31 will
> effectively be interpreted as containing dates April 21, 2005 - April 20, 2006.

Wytze is right :)

> As far as I am aware, the only way out of this is to preprocess your
> logfile, adding an explicit year to the timestamps.

E.g. by converting it to either one of the year-carrying formats
mentioned in Lire::Syslog(3pm), or a customized format, and extending
Lire::Syslog to support that.

Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/
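
Added example, not part of the original message and not Lire code: a Python sketch of the year-guessing behaviour Wytze describes next to the suggested workaround of preprocessing the log to carry an explicit year. The one-day slack, the ISO 8601 output format, the function names and the sample log lines are assumptions; the output is a customized format, so Lire::Syslog would have to be extended to read it, as noted above.

```python
import re
from datetime import datetime, timedelta

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Classic year-less syslog stamp, e.g. "Jan  1 00:00:03 "
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")


def guess_year(month, day, now, slack=timedelta(days=1)):
    """Model of the heuristic as described in the thread: a year-less date
    later than now + slack is taken to belong to the previous year.
    The one-day slack is an assumption that matches the April 19 example."""
    cutoff = now + slack
    if (month, day) <= (cutoff.month, cutoff.day):
        return cutoff.year
    return cutoff.year - 1


def add_years(lines, start_year):
    """Preprocessing workaround: stamp each line with an explicit year.
    Assumes chronological order and a known year for the first line;
    the year is bumped whenever the month number goes backwards."""
    year, prev_month = start_year, None
    for line in lines:
        m = STAMP.match(line)
        if not m or m.group(1) not in MONTHS:
            yield line  # not a syslog-stamped line: pass through untouched
            continue
        month, day = MONTHS[m.group(1)], int(m.group(2))
        if prev_month is not None and month < prev_month:
            year += 1  # e.g. Dec -> Jan rollover
        prev_month = month
        yield f"{year:04d}-{month:02d}-{day:02d}T{m.group(3)} {line[m.end():]}"


# Constructed sample: an old logfile that really spans Dec 2004 - Apr 2005.
SAMPLE = [
    "Dec 31 23:59:58 mx1 postfix/smtpd[411]: connect from unknown[192.0.2.10]",
    "Jan  1 00:00:03 mx1 postfix/smtpd[411]: disconnect from unknown[192.0.2.10]",
    "Apr 21 08:00:00 mx1 postfix/qmgr[77]: 1A2B3C: removed",
]

if __name__ == "__main__":
    now = datetime(2006, 4, 19, 10, 15)  # the date used in the thread
    for raw, fixed in zip(SAMPLE, add_years(SAMPLE, start_year=2004)):
        m = STAMP.match(raw)
        guessed = guess_year(MONTHS[m.group(1)], int(m.group(2)), now)
        print(f"heuristic year: {guessed}  explicit: {fixed}")
```

Run on the sample, the modelled heuristic assigns 2005, 2006 and 2005 to the three lines, while the preprocessed output carries 2004, 2005 and 2005.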