<div dir="ltr">Hi Scot,<div><br></div><div>Your founded issue seems valid. The GitHub project: syslog-ng-patterndb need some updates, to fix that warnings (<span style="font-size:12.8px">Non-numeric correlation state ID found</span>).</div><div>For the quick workaround you can add some missing "@" to the following lines in generated patterndb.xml. After that syslog-ng should start with that patterndb.xml.</div><div><br></div><div><div>install/var/patterndb.xml:209: <value name='usracct.device'>${temp.su_username}@@${temp.su_tty}</value></div><div>install/var/patterndb.xml:587: <value name='usracct.device'>${temp.sudo_username}@@${temp.sudo_tty}</value></div><div>install/var/patterndb.xml:616: <value name='usracct.device'>${temp.sudo_username}@@${temp.sudo_tty}</value></div><div>install/var/patterndb.xml:643: <value name='usracct.device'>${temp.sudo_username}@@unknown</value></div></div><div><br></div><div>Micek</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 31, 2016 at 6:58 AM, Scot Needy <span dir="ltr"><<a href="mailto:scotrn@gmail.com" target="_blank">scotrn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Can someone point me in the right direction on how to use update-patterndb for syslog-ng ?<br>
<br>
Downloaded current git syslog-ng-patterndb to /opt/syslog-ng/etc/patterndb.<wbr>d/, but not sure how to load and test it.<br>
<br>
Am I doing something wrong ?<br>
<br>
<br>
bin/pdbtool merge -r --glob \*.pdb -D /opt/syslog-ng/etc/patterndb.d -p /opt/syslog-ng/etc/patterndb.<wbr>xml<br>
<br>
[@ROOT] sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.<wbr>conf<br>
<br>
[2016-08-31T00:55:54.978717] Non-numeric correlation state ID found, assuming a literal '@' character. To avoid confusion when using a literal '@' after a macro or template function, write '@@' in the template.; Template='${temp.su_username}@<wbr>${temp.su_tty}’<br>
blah…<br>
blah..<br>
[2016-08-31T00:55:54.978978] Non-numeric correlation state ID found, assuming a literal '@' character. To avoid confusion when using a literal '@' after a macro or template function, write '@@' in the template.; Template='${temp.sudo_<wbr>username}@unknown’<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div>