[syslog-ng] Create Pattern-DB rules

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Sep 25 07:39:20 CEST 2015


Well, we didn't remove any support code. Solaris is not a primary platform,
but we still strive to make it work there.

I know that part of the value add that Balabit gives to its customers in
Syslog-ng premium edition is binary packages for a lot of platforms.
Solaris is a supported OS there, so it should work in OSE as well, as we
share most of the code.

Compile it and let us know where and if it breaks.
On Sep 24, 2015 4:32 PM, "Justin Kala" <justinkala at gmail.com> wrote:

> I don't see it as supporting Solaris 11.
> Does 3.7 OSE support only till Solaris 10?
>
> On Wed, Sep 23, 2015 at 11:58 PM, Scheidler, Balázs <
> balazs.scheidler at balabit.com> wrote:
>
>> You can see the latest syslog-ng releases on syslog-ng github pages at:
>>
>> github.com/balabit/syslog-ng
>>
>> The latest is 3.7.1
>> On Sep 24, 2015 4:28 AM, "Justin Kala" <justinkala at gmail.com> wrote:
>>
>>> Is 3.5.6 OSE still the latest stable version or anything higher?
>>>
>>> On Sun, Nov 2, 2014 at 2:26 AM, Balazs Scheidler <bazsi77 at gmail.com>
>>> wrote:
>>>
>>>> You can always use pdbtool match to debug and match messages against a
>>>> patterndb database.
>>>>
>>>> It even colorizes the output to show how far a message matched.
>>>> On Oct 3, 2014 10:35 AM, "Fabien Wernli" <wernli at in2p3.fr> wrote:
>>>>
>>>>> Hi Justin,
>>>>>
>>>>> First things first, your patterndb file doesn't validate.
>>>>> You should always test and validate the files using
>>>>> `pdbtool test --validate <file.pdb>`. You have to put the text of your
>>>>> example in a `<test_message>` element, without forgetting the
>>>>> `program`:
>>>>>
>>>>>     <examples>
>>>>>       <example>
>>>>>         <test_message program="sshd">Failed password for kaladhar from 127.0.1.1 port 44637 ssh2</test_message>
>>>>>       </example>
>>>>>     </examples>
>>>>>
>>>>> Now this probably doesn't explain why the parser doesn't match your
>>>>> messages.
>>>>>
>>>>> On Thu, Oct 02, 2014 at 04:31:38PM -0400, Justin Kala wrote:
>>>>> > * cat messagesAuth.2014.10.02.16unknown|unknown|*
>>>>>
>>>>> this means your message correctly made it to the pattern parser, but
>>>>> didn't match any rule.
>>>>> What I can suggest, is to run syslog-ng in the foreground, using
>>>>> `syslog-ng -Fvd` so you'll also get debugging information. Please post
>>>>> the relevant info from the output, if you don't figure it out by yourself.
>>>>>
>>>>> Cheers
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Kaladhar
>>>
>>
>
>
> --
> Kaladhar
>
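
A pre-check for the advice quoted above from Fabien Wernli, as an added example that is not part of the thread or of syslog-ng: it flags rules whose examples lack a `<test_message>` element or its `program` attribute before the file is handed to `pdbtool test --validate`. The patterndb content, the placeholder rule ids and the `lint_examples` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample patterndb (not from the thread): the first rule follows
# the advice above, the second puts the text directly inside <example>.
SAMPLE_PDB = """\
<patterndb version="4" pub_date="2014-10-03">
  <ruleset name="sshd" id="ruleset-placeholder-1">
    <pattern>sshd</pattern>
    <rules>
      <rule provider="example" id="rule-placeholder-1" class="violation">
        <patterns>
          <pattern>Failed password for @ESTRING:user: @from @IPv4:src@ port @NUMBER:port@ ssh2</pattern>
        </patterns>
        <examples>
          <example>
            <test_message program="sshd">Failed password for kaladhar from 127.0.1.1 port 44637 ssh2</test_message>
          </example>
        </examples>
      </rule>
      <rule provider="example" id="rule-placeholder-2" class="system">
        <patterns><pattern>Accepted password for @ESTRING:user: @from @IPv4:src@</pattern></patterns>
        <examples>
          <example>Accepted password for kaladhar from 127.0.1.1</example>
        </examples>
      </rule>
    </rules>
  </ruleset>
</patterndb>
"""

def lint_examples(pdb_xml):
    """Return (rule_id, problem) pairs for rules whose examples cannot be tested."""
    problems = []
    for rule in ET.fromstring(pdb_xml).iter("rule"):
        rid = rule.get("id", "<no id>")
        examples = rule.findall("./examples/example")
        if not examples:
            problems.append((rid, "no <example> to test"))
        for ex in examples:
            msg = ex.find("test_message")
            if msg is None:
                problems.append((rid, "example text not wrapped in <test_message>"))
            elif not msg.get("program"):
                problems.append((rid, "<test_message> lacks program attribute"))
    return problems

if __name__ == "__main__":
    for rid, problem in lint_examples(SAMPLE_PDB):
        print(f"{rid}: {problem}")
```
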