<div dir="ltr"><div>I am setting up some patterns to parse Cisco syslog messages. I noticed that pdbtool will not complete if I have a "%F" anywhere in the string.</div>
<div><br></div><div>Example log message:</div><div>%FWSM-1-109006: Authentication failed for user 'test' from <a href="http://131.212.1.1/43250">131.212.1.1/43250</a> to <a href="http://10.1.1.1/22">10.1.1.1/22</a> on interface management<br>
</div><div><br></div><div>This does not complete:</div><div>pdbtool match -p cisco.xml -M "%FWSM-1-109006: Authentication failed for user 'test' from <a href="http://131.212.1.1/43250">131.212.1.1/43250</a> to <a href="http://10.1.1.1/22">10.1.1.1/22</a> on interface management"<br>
</div><div><br></div><div>Nor does simply %F:</div><div>pdbtool match -p cisco.xml -M "%F"<br></div><div><br></div><div>It is fine without the %:</div><div>pdbtool match -p cisco.xml -M "FWSM-1-109006: Authentication failed for user 'test' from <a href="http://131.212.1.1/43250">131.212.1.1/43250</a> to <a href="http://10.1.1.1/22">10.1.1.1/22</a> on interface management"<br>
</div><div><br></div><div><div>MESSAGE=FWSM-1-109006: Authentication failed for user 'test' from <a href="http://131.212.1.1/43250">131.212.1.1/43250</a> to <a href="http://10.1.1.1/22">10.1.1.1/22</a> on interface management</div>
<div>.classifier.class=login</div><div>.classifier.rule_id=5cfbcb23-cfe4-4120-85c1-918df65c0edc</div><div>usracct.username=test</div><div>usracct.device=131.212.1.1</div><div>usracct.service=22</div><div>usracct.type=login</div>
<div>usracct.sessionid=</div><div>usracct.application=</div><div>secevt.verdict=REJECT</div><div>TAGS=.classifier.login,usracct,secevt</div></div><div><br></div><div>It also seems to have issues with "%S", although not quite in the same way. Any ideas what could be causing this?</div>
<div><br></div><div>Mark</div><div><br></div><br clear="all"><div><div dir="ltr"><div>--</div>Mark Shetka<br>Information Technology Systems & Services<br>
University of Minnesota - Duluth<br><a href="tel:%28218%29%20726-7682" value="+12187267682" target="_blank">(218) 726-7682</a></div></div>
</div>