liblognorm

liblognorm is a tool to normalize log data. It takes logs in different formats as input and outputs the data within them in a single, consistent format. For example, if you have traffic logs from three different firewalls, liblognorm will be able to normalize all the events into a generic form. Among other features, it can extract source and destination IP addresses and ports and make them available via well-defined fields. The result is that a common log analysis application will be able to work on that common set independently from the actual firewalls feeding it. Even better, once a well-understood interim format exists, it is also easy to convert that into any other vendor specific format, so that you can use that vendor's analysis tool.