Thanks but what exactly I have to write in my syslog-ng.conf&#63;<br />
I wrote this:<br />
<br />
destination d_garante {<br />
file(&quot;/var/log/garante&quot;);<br />
};<br />
<br />
parser pattern_db {<br />
db_parser( file(&quot;/var/lib/syslog-ng/patterndb.xml&quot;));<br />
};<br />
<br />
log { <br />
source(s_local);<br />
source(s_network);<br />
parser(pattern_db);            <br />
destination( d_garante);<br />
};<br />
<br />
is this right&#63;<br />
<br />
<br />
----- Messaggio da mcholste@gmail.com ---------<br />
Data: Fri, 18 Nov 2011 09:15:33 -0600<br />
Da: Martin Holste &lt;mcholste@gmail.com&gt;<br />
Rispondi-A: Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br />
Oggetto: Re: [syslog-ng] patterndb<br />
A: Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br />
<br />
<br />
&gt; From <br />
&gt; <a target="_blank" href="http://enterprise-log-search-and-archive.googlecode.com/svn/trunk/elsa/node/conf/patterndb.xml">http://enterprise-log-search-and-archive.googlecode.com/svn/trunk/elsa/node/conf/patterndb.xml</a>:<br />
&gt;<br />
&gt; &lt;patterndb version='3' pub_date='2009-11-04'&gt;<br />
&gt;         &lt;ruleset name=&quot;ssh&quot;&gt;<br />
&gt;                 &lt;pattern&gt;sshd&lt;/pattern&gt;<br />
&gt;                 &lt;rules&gt;<br />
&gt;                         &lt;rule class=&quot;11&quot; id=&quot;11&quot;&gt;<br />
&gt;                                 &lt;patterns&gt;<br />
&gt;                                         &lt;!-- s0=usracct.authmethod, s1=usracct.username,<br />
&gt; s2=usracct.device, i0=port, s3=usracct.service --&gt;<br />
&gt;                                         &lt;pattern&gt;Accepted @ESTRING:s0: @for @ESTRING:s1: @from<br />
&gt; @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@&lt;/pattern&gt;<br />
&gt;                                 &lt;/patterns&gt;<br />
&gt;                         &lt;/rule&gt;<br />
&gt;                         &lt;rule class=&quot;12&quot; id=&quot;12&quot;&gt;<br />
&gt;                                 &lt;patterns&gt;<br />
&gt;                                         &lt;!-- s0=usracct.authmethod, s1=usracct.username,<br />
&gt; s2=usracct.device, i0=port, s3=usracct.service --&gt;<br />
&gt;                                         &lt;pattern&gt;Failed @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2:<br />
&gt; @port @ESTRING:i0: @@ANYSTRING:s3@&lt;/pattern&gt;<br />
&gt;                                         &lt;pattern&gt;Failed @ESTRING:s0: @for invalid user @ESTRING:s1: @from<br />
&gt; @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@&lt;/pattern&gt;<br />
&gt;                                         &lt;pattern&gt;Failed @ESTRING:s0: @for illegal user @ESTRING:s1: @from<br />
&gt; @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@&lt;/pattern&gt;<br />
&gt;                                 &lt;/patterns&gt;<br />
&gt;                         &lt;/rule&gt;<br />
&gt;                         &lt;rule class=&quot;13&quot; id=&quot;13&quot;&gt;<br />
&gt;                                 &lt;patterns&gt;<br />
&gt;                                         &lt;!-- s0=usracct.username --&gt;<br />
&gt;                                         &lt;pattern&gt;pam_unix(sshd:session): session closed for user<br />
&gt; @ANYSTRING:s0:@&lt;/pattern&gt;<br />
&gt;                                         &lt;pattern&gt;session closed for user @ANYSTRING:s0:@&lt;/pattern&gt;<br />
&gt;                                 &lt;/patterns&gt;<br />
&gt;                         &lt;/rule&gt;<br />
&gt;                 &lt;/rules&gt;<br />
&gt;         &lt;/ruleset&gt;<br />
&gt; &lt;/patterndb&gt;<br />
&gt; On Fri, Nov 18, 2011 at 2:31 AM, Gianluca Tranelli<br />
&gt; &lt;g.tranelli@inarcassa.it&gt; wrote:<br />
&gt;&gt; Good morning everybody, the time is very good here in Rome, but I don't want<br />
&gt;&gt; to talk abbout the weather but about patterndb that is driving me crazy.<br />
&gt;&gt; After reading all the administration guide v3.3, I found an example of using<br />
&gt;&gt; patterndb to log the duration of an ssh Linux and to log a new formatted<br />
&gt;&gt; message. I just copied the XML, ran update-patterndb but nothing happen. Do<br />
&gt;&gt; i miss something&#63; Can someone post a complete working example on ssh&#63;<br />
&gt;&gt; Patterndb is driving me crazy.<br />
&gt;&gt;<br />
&gt;&gt; Thank you in advance.<br />
&gt;&gt;<br />
&gt;&gt;<br />
&gt;&gt; ______________________________________________________________________________<br />
&gt;&gt; Member info: <a target="_blank" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br />
&gt;&gt; Documentation:<br />
&gt;&gt; <a target="_blank" href="http://www.balabit.com/support/documentation/&#63;product=syslog-ng">http://www.balabit.com/support/documentation/&#63;product=syslog-ng</a><br />
&gt;&gt; FAQ: <a target="_blank" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a><br />
&gt;&gt;<br />
&gt;&gt;<br />
&gt;&gt;<br />
&gt; ______________________________________________________________________________<br />
&gt; Member info: <a target="_blank" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br />
&gt; Documentation: <br />
&gt; <a target="_blank" href="http://www.balabit.com/support/documentation/&#63;product=syslog-ng">http://www.balabit.com/support/documentation/&#63;product=syslog-ng</a><br />
&gt; FAQ: <a target="_blank" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a><br />
&gt;<br />
&gt;<br />
<br />
<br />
----- Fine messaggio da mcholste@gmail.com -----<br /><br />
<br />