<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18939"></HEAD>
<BODY>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><FONT
size=2><SPAN class=609161109-16092010>I am new to syslog-ng and just trying
to get a basic version 1 XML pattern match file working
properly.</SPAN></FONT></SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><FONT
size=2><SPAN class=609161109-16092010></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><FONT
size=2><SPAN class=609161109-16092010>The output with an associated
template is redirected to a file. It currently claims there is no such
value. Does this mean that the pattern match has
failed?</SPAN></FONT></SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><FONT
size=2><SPAN class=609161109-16092010></SPAN></FONT></SPAN> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><FONT
size=2><SPAN class=609161109-16092010>Using </SPAN>syslog-ng (3.0.8)
</FONT></SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><FONT
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA">
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2>parser p_patterndb
{<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office"
/><o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2><SPAN
style="mso-spacerun: yes">
</SPAN>db_parser(file("/opt/syslog-ng/var/db/patterns/v1/test.xml"));<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT
size=2>};<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><o:p><FONT
size=2> </FONT></o:p></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2># Check pattern
matching is working<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><o:p><FONT
size=2> </FONT></o:p></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2>log
{<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2><SPAN
style="mso-spacerun: yes">
</SPAN>source(s_ext);<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2><SPAN
style="mso-spacerun: yes"> </SPAN>parser(p_patterndb);<SPAN
style="mso-spacerun: yes">
</SPAN><<<<<<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2><SPAN
style="mso-spacerun: yes">
</SPAN>destination(df_udp_pattern_output);<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2>};</FONT></SPAN></P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT
size=2></FONT></SPAN> </P>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2>#Check pattern
matching<BR>destination df_udp_pattern_output {<BR>
file("/var/log/pattern_output"<BR>
template("$PROGRAM,${rest},,$MSG\n")
template_escape(no));<BR>};<BR></P><o:p></o:p></FONT></SPAN></SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><o:p><SPAN
class=609161109-16092010><FONT size=2>Output
of:</FONT></SPAN></o:p></SPAN></SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT
size=2><o:p></o:p></FONT></SPAN></SPAN> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-language: EN-GB; mso-bidi-language: AR-SA"><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT size=2><o:p>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN class=MsoHyperlink><U><FONT
size=3><FONT color=#0000ff><FONT
face="Times New Roman">/opt/syslog-ng/sbin/syslog-ng -e -F -d -v >
/tmp/syslog-ng.out
2>&1<o:p></o:p></FONT></FONT></FONT></U></SPAN></P></o:p></FONT></SPAN></DIV>
<P style="MARGIN: 0cm 0cm 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 11pt"><FONT
size=2></FONT></SPAN></SPAN> </P>
<DIV><FONT size=2 face=Arial>Incoming log entry; line='<131>1 - -
WXC-192.168.61.202 register 1102 [wx-event@juniper.net eventtime="1284626839"
metric="Primary Reg<BR>Server Unreachable" sev="major" type="sys"] REG: Self
registration failed. IP=192.168.61.242.'<BR>Filter rule evaluation begins;
filter_rule='f_messages'<BR>Filter node evaluation result;
filter_result='not-match', filter_type='level'<BR>Filter node evaluation result;
filter_result='not-match', filter_type='AND'<BR>Filter rule evaluation result;
filter_result='not-match', filter_rule='f_messages'<BR>Filter rule evaluation
begins; filter_rule='f_udp_nagios_check'<BR>Filter node evaluation result;
filter_result='not-match'<BR>Filter rule evaluation result;
filter_result='not-match', filter_rule='f_udp_nagios_check'<BR>Filter rule
evaluation begins; filter_rule='wxc_all'<BR>Filter node evaluation result;
filter_result='not-match', filter_type='level'<BR>Filter rule evaluation result;
filter_result='not-match', filter_rule='wxc_all'<BR>Filter rule evaluation
begins; filter_rule='wxc_tunnel_info'<BR>Filter node evaluation result;
filter_result='not-match', filter_type='level'<BR>Filter node evaluation result;
filter_result='not-match', filter_type='AND'<BR>Filter rule evaluation result;
filter_result='not-match', filter_rule='wxc_tunnel_info'<BR>Filter rule
evaluation begins; filter_rule='wxc_tunnel_warn'<BR>Filter node evaluation
result; filter_result='not-match', filter_type='level'<BR>Filter node evaluation
result; filter_result='not-match', filter_type='AND'<BR>Filter rule evaluation
result; filter_result='not-match', filter_rule='wxc_tunnel_warn'<BR>Filter rule
evaluation begins; filter_rule='wxc_tunnel_crit'<BR>Filter node evaluation
result; filter_result='not-match', filter_type='level'<BR>Filter node evaluation
result; filter_result='not-match', filter_type='AND'<BR>Filter rule evaluation
result; filter_result='not-match', filter_rule='wxc_tunnel_crit'<BR>Filter rule
evaluation begins; filter_rule='wxc_license_crit'<BR>Filter node evaluation
result; filter_result='not-match', filter_type='level'<BR>Filter node evaluation
result; filter_result='not-match', filter_type='AND'<BR>Filter rule evaluation
result; filter_result='not-match',
filter_rule='wxc_license_crit'<BR></FONT><STRONG><FONT size=2 face=Arial>No such
value known; value='rest'<SPAN class=609161109-16092010>
<<<<</SPAN><BR></FONT></STRONG></DIV>
<DIV><A
href="mailto:root@nagios-collector:/opt/syslog-ng/var/db/patterns/v1"><FONT
color=#000000 size=2
face=Arial>root@nagios-collector:/opt/syslog-ng/var/db/patterns/v1</FONT></A><FONT
size=2 face=Arial># cat test1.xml<BR><?xml version="1.0"
encoding="utf-8"?><BR><patterndb version="1"
pub_date="2009-04-17"><BR> <program
name="1"><BR>
<pattern>wxc</pattern><BR> <rule id="1"
class="system"><BR>
<STRONG><pattern>@ANYSTRING:rest@</pattern><BR></STRONG>
</rule><BR> </program><BR></patterndb><BR></FONT><A
href="mailto:root@nagios-collector:/opt/syslog-ng/var/db/patterns/v1"><FONT
color=#000000 size=2
face=Arial>root@nagios-collector:/opt/syslog-ng/var/db/patterns/v1</FONT></A><FONT
size=2 face=Arial>#</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><SPAN class=609161109-16092010><FONT size=2
face=Arial>Thanks</FONT></SPAN></DIV>
<DIV><SPAN class=609161109-16092010><FONT size=2
face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN class=609161109-16092010><FONT size=2
face=Arial>Peter</FONT></SPAN></DIV>
<DIV><FONT face=Arial><BR><FONT size=2></FONT></FONT></DIV><BR>
Imtech Telecom Global is a limited company registered in England and Wales. Registered number: GB04407184. Registered office: Viables 3, Jays Close, Basingstoke, Hampshire, RG22 4BS.<BR>
______________________________________________________________________<BR>
This email has been scanned by the MessageLabs Email Security System.<BR>
For more information please visit http://www.messagelabs.com/email <BR>
______________________________________________________________________<BR>
</BODY></HTML>