<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Thanks. That seems to have fixed it.&nbsp;<div class=""><br class=""></div><div class="">I have another topic for a use case, but I’ll create another thread.&nbsp;</div><div class=""><br class=""></div><div class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 31, 2016, at 8:02 AM, Mitzki, András &lt;<a href="mailto:andras.mitzki@balabit.com" class="">andras.mitzki@balabit.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi Scot,<div class=""><br class=""></div><div class="">The issue you found seems valid. The GitHub project syslog-ng-patterndb needs some updates to fix those warnings (<span style="font-size:12.8px" class="">Non-numeric correlation state ID found</span>).</div><div class="">As a quick workaround, you can add some missing "@" to the following lines in the generated patterndb.xml. 
After that syslog-ng should start with that patterndb.xml.</div><div class=""><br class=""></div><div class=""><div class="">install/var/patterndb.xml:209: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;value name='usracct.device'&gt;${temp.su_username}@@${temp.su_tty}&lt;/value&gt;</div><div class="">install/var/patterndb.xml:587: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;value name='usracct.device'&gt;${temp.sudo_username}@@${temp.sudo_tty}&lt;/value&gt;</div><div class="">install/var/patterndb.xml:616: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;value name='usracct.device'&gt;${temp.sudo_username}@@${temp.sudo_tty}&lt;/value&gt;</div><div class="">install/var/patterndb.xml:643: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;value name='usracct.device'&gt;${temp.sudo_username}@@unknown&lt;/value&gt;</div></div><div class=""><br class=""></div><div class="">Micek</div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Wed, Aug 31, 2016 at 6:58 AM, Scot Needy <span dir="ltr" class="">&lt;<a href="mailto:scotrn@gmail.com" target="_blank" class="">scotrn@gmail.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br class="">
<br class="">
Can someone point me in the right direction on how to use update-patterndb for syslog-ng ?<br class="">
<br class="">
Downloaded current git syslog-ng-patterndb to /opt/syslog-ng/etc/patterndb.<wbr class="">d/, but not sure how to load and test it.<br class="">
<br class="">
Am I doing something wrong ?<br class="">
<br class="">
<br class="">
bin/pdbtool&nbsp; merge -r --glob \*.pdb -D /opt/syslog-ng/etc/patterndb.d -p /opt/syslog-ng/etc/patterndb.<wbr class="">xml<br class="">
<br class="">
[@ROOT] sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.<wbr class="">conf<br class="">
<br class="">
[2016-08-31T00:55:54.978717] Non-numeric correlation state ID found, assuming a literal '@' character. To avoid confusion when using a literal '@' after a macro or template function, write '@@' in the template.; Template='${temp.su_username}@<wbr class="">${temp.su_tty}'<br class="">
blah…<br class="">
blah..<br class="">
[2016-08-31T00:55:54.978978] Non-numeric correlation state ID found, assuming a literal '@' character. To avoid confusion when using a literal '@' after a macro or template function, write '@@' in the template.; Template='${temp.sudo_<wbr class="">username}@unknown'<br class="">
<br class="">
<br class="">
______________________________<wbr class="">______________________________<wbr class="">__________________<br class="">
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a><br class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a><br class="">
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a><br class="">
<br class="">
</blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></body></html>