<div dir="ltr">Hi David,<div><br></div><div>Robert is right, the pattern version is hardcoded.Taking a glimpse at the patterndb v3 and v4 XSDs I think the update should indeed be trivial, the format is upwards compatible. I'll send a pull request for this change in a minute.</div>
<div><br></div><div>Regarding the formatting: it uses the parsing mechanism of syslog-ng internally. It works just as if you specified a file() source for syslog-ng with flags(syslog-protocol) added. You can also give "--no-parse" for the tool which makes it parse logs just like a file() source with flags(no-parse). It wouldn't be too complicated to make it possible to use all available file source flags but I never got around doing it.</div>
<div><br></div><div>cheers,</div><div>Peter</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 1:40 AM, David Hauck <span dir="ltr"><<a href="mailto:davidh@netacquire.com" target="_blank">davidh@netacquire.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
Does anyone have an explanation for why a "pdbtool patternize" generated pattern db indicates it is version '3'? I'm running the latest version of syslog-ng (3.5.4.1) so I was expecting that this would produce a version '4' pattern db. Easy enough to change in the generated XML, just wondering why the latest generator wouldn't create the latest version.<br>
<br>
Also, what is the nominal format for the log messages that the 'patternize' command is able to process (i.e., would this be logs that contain the nominally formatted syslog-ng output - e.g., via the default template: template("$ISODATE $HOST $MSGHDR$MSG\n");). I've seen some output that appears to suggest there's some nominal decoding of the input log messages.<br>
<br>
Thanks,<br>
-David<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
<br>
<br>
<br>
</blockquote></div><br></div>