Hello,

I just started the evaluation of Eventlog Analyzer and would like to know if it is possible to summarize the log by its contained keywords.

Concretely, I would like to make a summary from the example log below.

In case of "type=traffic subtype=violation",  I would like to know the number of the log by "service"

Also, In case of  "type=virus subtype=infected " I would like to know the number of the log by "virus" as well.

========== example log ==========

date=2011-10-17 time=10:01:11 type=traffic subtype=violation pri=warning service=Microsoft-DS

date=2011-10-17 time=10:01:12 type=traffic subtype=violation pri=warning service=dns-request

date=2011-10-17 time=10:01:13 type=traffic subtype=violation pri=warning service=mail

date=2011-10-17 time=10:01:14 type=traffic subtype=violation pri=warning service=ping

date=2011-10-17 time=10:01:22 type=virus subtype=infected pri=warning virus="wel-known123!"

date=2011-10-17 time=10:01:23 type=virus subtype=infected pri=warning virus="famous-xyz!"

date=2011-10-17 time=10:01:24 type=virus subtype=infected pri=warning virus="wel-known123!"

===============================

I would appreciate your advice.

Thank you

Yoshihiro Mochizuki