<p dir="ltr">There was a larger database that was converted from logcheck regexps, but that was only useful for classification and not to extract fields from log messages.</p>
<p dir="ltr">Here&#39;s the link:</p>
<p dir="ltr"><a href="http://www.balabit.com/downloads/files/patterndb-snapshot/patterndb-20091209.zip">http://www.balabit.com/downloads/files/patterndb-snapshot/patterndb-20091209.zip</a></p>
<div class="gmail_quote">On Jun 25, 2013 6:13 PM, &quot;Matt Zagrabelny&quot; &lt;<a href="mailto:mzagrabe@d.umn.edu">mzagrabe@d.umn.edu</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Jun 18, 2013 at 11:54 AM, Jakub Jankowski &lt;<a href="mailto:shasta@toxcorp.com">shasta@toxcorp.com</a>&gt; wrote:<br>
&gt; On 2013-06-18, Matt Zagrabelny wrote:<br>
&gt;<br>
&gt;&gt; I just cloned the git://<a href="http://git.balabit.hu/bazsi/syslog-ng-patterndb.git" target="_blank">git.balabit.hu/bazsi/syslog-ng-patterndb.git</a><br>
&gt;&gt; and it looks like the project has not seen much activity since 2010.<br>
&gt;&gt; Are people still using patterndb? Do the patterns not change much and<br>
&gt;&gt; that is the reason that the git database has not changed much?<br>
&gt;<br>
&gt; <a href="https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/" target="_blank">https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/</a><br>
<br>
Thanks, Jakub!<br>
<br>
I&#39;ve cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin<br>
PDF states that:<br>
<br>
&quot;13.2.2. Downloading sample pattern databases<br>
Sample pattern databases are available at the BalaBit Download page.<br>
Note that even though these pattern databases<br>
contain over 8000 rules for more than 200 applications and devices,<br>
they are only samples and experimental databases<br>
that are not officially supported and may or may not work in your environment.&quot;<br>
<br>
I only see a small number of applications and correspondingly small<br>
number of rules (compared to 200/8000). Is there a larger database of<br>
rules out there?<br>
<br>
Is there a preferred file extension between .xml and .pdb?<br>
<br>
Thanks,<br>
<br>
-mz<br>
<br>
&gt; HTH<br>
&gt;<br>
&gt; --<br>
&gt; Jakub Jankowski|<a href="mailto:shasta@toxcorp.com">shasta@toxcorp.com</a>|<a href="http://toxcorp.com/" target="_blank">http://toxcorp.com/</a><br>
&gt; GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D<br>
&gt; ______________________________________________________________________________<br>
&gt; Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
&gt; Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
&gt; FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
&gt;<br>
</blockquote></div>