Did you try the patternize utility? It can automate a lot of the pattern creating. It's on git and written about here: http://gyp.blogs.balabit.com/2010/01/introducing-pdbtool-patternize.html . Also, are you using the pdbtool to test the messages? See this blog post for more info: http://marci.blogs.balabit.com/2010/07/pdbtool-test-and-pattern-database.htm... . --Martin On Mon, Aug 2, 2010 at 9:39 PM, Matthew Hall <mhall@mhcomputing.net> wrote:
Hello list,
Recently I created a series of blasphemous scripts which convert some large collections of recorded log messages in my environment into pattern DB XML files. At first there were some syntax errors but I fixed all of these and the XML files are loading successfully.
However I am running into some problems with the next step: getting the patterns to match against the incoming log messages. I suspect I am not properly stripping the headers off of the disk files of recorded messages I am using to generate the pattern DB XML files.
I am wondering how I can enable the right debugging capabilities to get more detailed debug output from the pattern DB parser where I can see what strings are being processed so that I can fix this right instead of guessing repeatedly and incorrectly.
Thanks, Matthew Hall. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html