PDA

View Full Version : Parsing log files needs tab character

FUBARinSFO
April 7th, 2010, 02:22 AM
Hi:

I've got some rather large (24MB) log files and would like to parse them outside of NOD32. The problem is that the error/information message from NOD32 isn't separated clearly from the file/path it is referring to. Most messages are separated by ' - ', but that string is contained in some paths or filenames as well.

What's needed is an unambiguous message character in the output string, like the tab character (0x09). I thought it was in one of the logs of 4.x, but now I see it's just the space characters as normal.

Is there a setting somewhere where this can be set?

Thank you in advance.

-- Roy Zider

NOD32 2.7, 3.x and 4.x in use
Marcos
April 7th, 2010, 02:30 AM
I'm using v. 4.2.35 and the entries in columns are indeed separated by a tab when exported to a text file :-\
FUBARinSFO
April 7th, 2010, 02:50 AM
Marcos:

Using 4.0.417 here -- don't see that in this version. Is this a releatively recent change? There's no separation in the .xml file export either.

As I said, I thought I had it, but now can't find it. Is there a changelog around here somewhere?

Thanks.

-- Roy
Marcos
April 7th, 2010, 03:24 AM
This log was created using v. 4.0.417:
FUBARinSFO
April 7th, 2010, 04:15 AM
Marco:

Ahh, that explains it. We're looking at different records. You have posted (very nicely I might add) the hex view of a summary record, whereas I am trying to parse the detail records of an on-demand scan.

Unfortunately the log screens have similar labels, so there is some confusion here. On the screen shots that have Time, Scanned Folders, Scanned, etc, I get tabs too. But on the screen which has all the message detail, headed "Log" only, there are no tabs. Do you see what I'm looking at now?

-- Roy
Marcos
April 7th, 2010, 05:40 AM
On-demand scanner logs have always had a structure like this since NOD32 v1 (or even probably NOD32 for DOS). I've successfully used a parser to parse these kind of logs but moved to ecls logs when v3 became available. A possible solution would be bordering the path with speech marks but this might cause troubles to other users who have accustomed the parsers to the current format in the past.
FUBARinSFO
April 7th, 2010, 08:46 PM
Thanks, Marcos. As the subject line says, a simple tab character separation between object and message would solve this.

-- Roy