Hello Martin,

On Mon, Aug 02, 2010 at 10:07:36PM -0500, Martin Holste wrote:
Did you try the patternize utility? It can automate a lot of the pattern creating.
First of all thank you very much for pointing out patternize; I did see many of the patterndb related blogs but missed this one. I will certainly investigate this in detail and make as much use of it as possible.
Also, are you using the pdbtool to test the messages? See this blog post for more info:
I thought about pdbtool but the problem there was that I needed to know exactly which string the daemon would receive, how it would look when the daemon stripped the headers, and what it would send into the patterndb for matching. This is because the messages on the socket have different headers from the headers which are used in the disk files of messages I am using as the source of raw material for creating the patterns. Thus I end up with the same problem I started with, unless I'm missing something here.
--Martin
Cheers, Matthew.
On Mon, Aug 2, 2010 at 9:39 PM, Matthew Hall <mhall@mhcomputing.net> wrote:
Hello list,
Recently I created a series of blasphemous scripts which convert some large collections of recorded log messages in my environment into pattern DB XML files. At first there were some syntax errors but I fixed all of these and the XML files are loading successfully.
However I am running into some problems with the next step: getting the patterns to match against the incoming log messages. I suspect I am not properly stripping the headers off of the disk files of recorded messages I am using to generate the pattern DB XML files.
I am wondering how I can enable the right debugging capabilities to get more detailed debug output from the pattern DB parser where I can see what strings are being processed so that I can fix this right instead of guessing repeatedly and incorrectly.
Thanks,
Matthew Hall.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
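An added example, not part of the thread or of syslog-ng itself: patterndb rules are matched against the parsed MESSAGE value, with the ruleset chosen by PROGRAM, so reducing both the disk and socket forms of a line to those two fields gives the exact strings to hand to `pdbtool match`. The two header layouts, the sample lines and the helper names below are assumptions constructed for illustration.

```python
import re
import shlex

# Assumed header layouts (not stated in the thread):
#   disk file: "Aug  2 22:07:36 host prog[123]: text"
#   socket:    "<38>Aug  2 22:07:36 prog[123]: text"  (PRI prefix, no host)
HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                          # optional <PRI>
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # BSD timestamp
    r"(?:(?P<host>[^\s:\[\]]+) )?"                       # optional hostname
    r"(?P<program>[^\s:\[\]]+)(?:\[(?P<pid>\d+)\])?: ?"  # program[pid]:
    r"(?P<message>.*)$"                                  # what patterndb sees
)

def parse(line):
    """Split a raw log line into header fields and MESSAGE, or None."""
    m = HEADER.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None

def pdbtool_command(pdb_path, line):
    """Build a 'pdbtool match' invocation for one raw line, or None."""
    fields = parse(line)
    if fields is None:
        return None  # header not recognised: do not guess at the message
    return " ".join([
        "pdbtool", "match",
        "-p", shlex.quote(pdb_path),
        "-P", shlex.quote(fields["program"]),
        "-M", shlex.quote(fields["message"]),
    ])

# Constructed sample lines: same event, two header layouts.
DISK = "Aug  2 22:07:36 gw01 sshd[4242]: Accepted password for alice from 192.0.2.10 port 51515 ssh2"
SOCK = "<38>Aug  2 22:07:36 sshd[4242]: Accepted password for alice from 192.0.2.10 port 51515 ssh2"

if __name__ == "__main__":
    for raw in (DISK, SOCK, "not a syslog line"):
        print(pdbtool_command("patterndb.xml", raw))
```

Lines that return `None` are the ones whose headers were not stripped as expected, which is where a generated pattern would silently fail to match.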