What are Message Parsers?

Adiscon LogAnalyzer has a module structure and can be extended by so-called plugins. One type of plugin is the message parser. Message parsers are used to obtain structured information from a log message.

A prominent example is Windows event log messages. There is no standard format for how these look when converted to syslog, so Adiscon LogAnalyzer cannot display them nicely per se. However, with the help of the Windows event log message parser, a core component, the contents of the syslog message can be split into the relevant fields, like event ID, priority, description, parameters and so on. This makes it possible to process Windows events carried in syslog messages in the same way as if they had originally been stored in the database as structured records. Adiscon LogAnalyzer includes a Windows event parser suitable for use with Adiscon EventReporter and MonitorWare Agent.

Please note that Windows events are just one useful application for message parsers. Think about firewalls, switches, routers, web servers and the like: there are classes of devices which have similar properties but very different message formats (I elaborated on that in my paper “On the nature of Syslog Data”). Message parsers are a natural solution to generalize views and reports on top of this diverse set of message formats.

The beauty of message parsers is that you do not need to rely on those shipped as an integral part of Adiscon LogAnalyzer. Because message parsers are plugins, any party can write them and add them to Adiscon LogAnalyzer. Writing a parser is easy for anyone with a basic understanding of PHP. The existing parsers, being GPLed, can be used as samples; adding a new format then often boils down to changing a few lines of code inside the parser.
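To make the two points above concrete (a Windows event parser that extracts event ID, priority and description, and the same plugin idea applied to a quite different device class), here is an added example in Python. It is not code from Adiscon LogAnalyzer, whose parsers are PHP plugins, and it does not use the LogAnalyzer plugin API; it only shows the technique. The message layouts, the severity tags in brackets and all sample lines are constructed for illustration and are assumptions, not exact vendor formats.

```python
"""
Added example, not part of Adiscon LogAnalyzer: message parsers that turn the
free-text part of a syslog message into structured fields.

Each parser is a plain function: it either recognizes the message and returns
a dict of fields, or returns None so the next parser can try.  A message no
parser understands is kept as raw text rather than dropped.
"""
import re
from typing import Callable, Optional

Parser = Callable[[str], Optional[dict]]

# ASSUMED severity tags found in the square brackets of an EventReporter-style
# line, mapped to RFC 5424 syslog severity numbers.  Constructed for this example.
WIN_SEVERITY = {"ERR": 3, "WRN": 4, "AUF": 4, "AUS": 5, "INF": 6}

# Constructed Windows event line layout (an assumption, not the exact product format):
#   EvntSLog: [AUS] Tue May 17 10:01:02 2011: DC1/Security (4624) - "An account ..."
WIN_EVENT_RE = re.compile(
    r'^EvntSLog: \[(?P<sev>[A-Z]{3})\] '
    r'(?P<ts>[A-Za-z]{3} [A-Za-z]{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4}): '
    r'(?P<host>[^/]+)/(?P<log>[^ ]+) \((?P<eventid>\d+)\) - "(?P<desc>.*)"$'
)


def parse_windows_event(msg: str) -> Optional[dict]:
    """Split a Windows event carried in syslog into event ID, severity, log, description."""
    m = WIN_EVENT_RE.match(msg)
    if not m:
        return None
    return {
        "parser": "windows_event",
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "eventlog": m.group("log"),
        "eventid": int(m.group("eventid")),
        "severity": WIN_SEVERITY.get(m.group("sev"), 6),  # unknown tag -> informational
        "description": m.group("desc"),
    }


# Constructed netfilter-style firewall line: a log prefix followed by KEY=VALUE pairs.
FW_RE = re.compile(r'^kernel: (?P<prefix>[A-Z-]+) (?P<kv>(?:[A-Z]+=\S* ?)+)$')


def parse_netfilter(msg: str) -> Optional[dict]:
    """Parse a firewall log line into action, addresses, protocol and destination port."""
    m = FW_RE.match(msg)
    if not m:
        return None
    fields = dict(re.findall(r'([A-Z]+)=(\S*)', m.group("kv")))  # OUT= yields ''
    action = m.group("prefix")
    return {
        "parser": "netfilter",
        "action": action,
        "in_if": fields.get("IN"),
        "src_ip": fields.get("SRC"),
        "dst_ip": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dst_port": int(fields["DPT"]) if fields.get("DPT") else None,
        "severity": 4 if "DROP" in action else 6,  # dropped traffic is worth a warning
    }


# Plugin registry: order matters, the first parser that matches wins.
PARSERS: list[Parser] = [parse_windows_event, parse_netfilter]


def parse_message(msg: str) -> dict:
    """Run the registered parsers; never lose a message that nothing understands."""
    for parser in PARSERS:
        result = parser(msg)
        if result is not None:
            result["raw"] = msg
            return result
    return {"parser": None, "raw": msg}


# Constructed sample messages (the text after the syslog header), not real captures.
SAMPLE_MESSAGES = [
    'EvntSLog: [AUS] Tue May 17 10:01:02 2011: DC1/Security (4624) - '
    '"An account was successfully logged on."',
    'kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4444 DPT=22',
    'sshd[1234]: Accepted publickey for alice from 198.51.100.7 port 52144 ssh2',
]


def parse_all(messages: list[str] = SAMPLE_MESSAGES) -> list[dict]:
    return [parse_message(m) for m in messages]


if __name__ == "__main__":
    for record in parse_all():
        print(record)
```

With the registry in place, a view or report can filter on `eventid`, `severity` or `src_ip` without caring which device produced the line; the third sample shows the fall-through case, where the record keeps only `raw` and a `None` parser name so that unparsed messages remain visible instead of silently disappearing.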

We maintain a directory of available parsers. You can browse it to see if a parser fits your needs. If you write a parser, please consider contributing it, so that others can use it to their benefit as well (this is a good way of saying “thank you” for the work others have put into Adiscon LogAnalyzer!).

If you need a parser, but can not find one and do not know how to write it, please consider Adiscon’s professional offerings: you both get a high quality parser at a low price and help fund further Adiscon LogAnalyzer development.

It is our firm belief that message parsers are a key concept for a truly universal and diverse network event logging system (not only a “syslog logging system”). They can help turn the gibberish in your log files into actually useful information.

Note: Adiscon LogAnalyzer was formerly known under the name of phpLogCon.

Author: Rainer Gerhards

Rainer Gerhards is the main author of this site and writes most of the articles. More information about Rainer Gerhards is available via the main menu. His biography can be found, for example, here.