Hi,
I have a problem with prelude-lml.
From prelude-lml.conf:
[format=apache]
time-format = "%d/%b/%Y:%H:%M:%S"
prefix-regex = "^(?P<hostname>S+) - - [(?P<timestamp>.) [+-].] "
file = /var/log/apache2/access_log
Error returned by prelude-lml:
could not match prefix against log entry: 127.0.0.1 - - [23/Apr/2007:11:46:00 +0 200] "GET /prewikka/css/style.css HTTP/1.1" 304 - "http://localhost/?view=sensor _listing" "Opera/9.20 (X11; Linux i686; U; en)".
I noticed the difference between the time-format and the log entry (+0 200), maybe that's the only problem. Do you know how to correct this error? I'm not very familiar with regular expressions :(
Any help appreciated.
Thanks in advance
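
Added example (not part of the original post and not Prelude code): a small offline check that applies a prefix regex with `hostname` and `timestamp` named groups to an Apache access-log entry and then parses the captured timestamp with the post's time-format. `PREFIX_REGEX`, `GREEDY_REGEX`, `check_prefix` and the sample entry are assumptions constructed for illustration, and Python's `re` and `strptime` stand in for prelude-lml's own regex and time parsing.

```python
import re
from datetime import datetime

TIME_FORMAT = "%d/%b/%Y:%H:%M:%S"  # time-format value from the post

# Assumed patterns, not taken from the post or from Prelude's shipped config.
# PREFIX_REGEX stops the timestamp group at the first space and consumes the
# UTC offset outside the group; GREEDY_REGEX lets the group swallow the offset.
PREFIX_REGEX = r'^(?P<hostname>\S+) - - \[(?P<timestamp>[^ \]]+) [+-]\d{4}\] '
GREEDY_REGEX = r'^(?P<hostname>\S+) - - \[(?P<timestamp>[^\]]+)\] '

# Constructed sample entry in Apache combined log format.
SAMPLE = ('127.0.0.1 - - [23/Apr/2007:11:46:00 +0200] '
          '"GET /prewikka/css/style.css HTTP/1.1" 304 - '
          '"http://localhost/" "Opera/9.20 (X11; Linux i686; U; en)"')


def check_prefix(prefix_regex, time_format, line):
    """Report whether the prefix matches and the timestamp group parses."""
    result = {"ok": False, "reason": None, "hostname": None, "timestamp": None}
    try:
        match = re.match(prefix_regex, line)
    except re.error as exc:
        result["reason"] = f"regex does not compile: {exc}"
        return result
    if match is None:
        result["reason"] = "prefix does not match log entry"
        return result
    groups = match.groupdict()
    result["hostname"] = groups.get("hostname")
    raw = groups.get("timestamp")
    if raw is None:
        result["reason"] = "no timestamp group captured"
        return result
    try:
        result["timestamp"] = datetime.strptime(raw, time_format)
    except ValueError as exc:
        # Typical cause: the group captured more than time-format describes.
        result["reason"] = f"timestamp {raw!r} rejected: {exc}"
        return result
    result["ok"] = True
    return result


if __name__ == "__main__":
    for name, rx in (("PREFIX_REGEX", PREFIX_REGEX), ("GREEDY_REGEX", GREEDY_REGEX)):
        print(name, check_prefix(rx, TIME_FORMAT, SAMPLE))
```

Running a candidate regex through a check like this before restarting the sensor shows whether a failure comes from the prefix itself or from a timestamp group that captures more than the time-format covers.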