Tool to correlate logs by timestamp

Question

I have various log files, some with the same format (webserver + webserver SSL), some with different formats and even different timestamps.

How can I correlate these log files together in a simple console tool?

Bonus question: Some logs might not have a timestamp in every line, such as exception logs - that start with a time stamp, followed by the exception:

2012-11-12T10:16:38+00:00 ERR (3): 
exception 'Exception' with message 'joinAttribute not implemented' in /var/foo/Bar.php:123
Stack trace:

Show them in one file, ordered by the date the messages appeared. — Alex, Nov 13 '12 at 17:59

score 1 · Answer 1 · answered Nov 13 '12 at 18:06

1

You can use Simple Event Correlator (SEC) for this.

answered Nov 13 '12 at 18:06

Clayton Dukes

Sounds very interesting. Did you use it? Can you give an example to correlate two logs of the same webserver (same timestamp format etc.) ? – Alex Nov 13 '12 at 19:09
It's been around for a very long time. It is essentially a very well written perl script. There are tons of examples out there, just give it a good ol' googling :-) – Clayton Dukes Nov 13 '12 at 22:07
Can you give an example on how to use it to simply correlate two logs ? I did not find any :-( – Alex Dec 07 '12 at 15:40

1 Answers1