I cant execute those commands. Here's the error

Unknown command
Syntax: pdbtool <command> [options]
Possible commands are:
    match        Match a message against the pattern database
    dump         Dump pattern datebase tree
    merge        Merge pattern databases
    dictionary   Dump pattern dictionary

Version

syslog-ng-premium-edition 3.2.1
Installer-Version: 3.2.1


 





------------------------------

Message: 3
Date: Thu, 22 Dec 2011 13:11:05 -0600
From: Martin Holste <mcholste@gmail.com>
Subject: Re: [syslog-ng] Pattern matching.
To: "Syslog-ng users' and developers' mailing list"
       <syslog-ng@lists.balabit.hu>
Message-ID:
       <CANpnLHgau7bZrSP2ro0QY=a8ZcJZLyqJgAVegWufDuszOjuCMA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

You can also include an example pattern as part of the actual rule like this:

<ruleset>
               <program></program>
               <rule id="2">
                       <pattern>@ESTRING:user::@ Security Microsoft
Windows security auditing.: [Success Audit] A computer account was
changed.    Subject:   Security ID:  S-1-5-7   Account Name:
ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x3e6
Computer Account That Was Changed:   Security ID:  @ESTRING::
@Account Name:   @ESTRING:ACC_NAME: @   Account Domain:  WW002
Changed Attributes:   SAM Account Name: -   Display Name:  -   User
Principal Name: -   Home Directory:  -   Home Drive:  -   Script Path:
 -   Profile Path:  -   User Workstations: -   Password Last Set:
@ESTRING:: @@ESTRING:: @   Account Expires:  -   Primary Group ID: -
AllowedToDelegateTo: -   Old UAC Value:  -   New UAC Value:  -   User
Account Control: -   User Parameters: -   SID History:  -   Logon
Hours:  -   DNS Host Name:  -   Service Principal Names: -
Additional Information:   Privileges:  - (EventID 4742)</pattern>
                       <examples>
                               <example>
                                       <test_message
program="Microsoft_Windows_security_auditing.[5784]">: Security
Microsoft Windows security auditing.: [Success Audit] A computer
account was changed.    Subject:   Security ID:  S-1-5-7   Account
Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:
0x3e6    Computer Account That Was Changed:   Security ID:
S-1-5-21-776561741-789336058-725345543-305444   Account Name:  User1$
 Account Domain:  TEST    Changed Attributes:   SAM Account Name: -
Display Name:  -   User Principal Name: -   Home Directory:  -   Home
Drive:  -   Script Path:  -   Profile Path:  -   User Workstations: -
 Password Last Set: 12/22/2011 3:38:32 AM   Account Expires:  -
Primary Group ID: -   AllowedToDelegateTo: -   Old UAC Value:  -   New
UAC Value:  -   User Account Control: -   User Parameters: -   SID
History:  -   Logon Hours:  -   DNS Host Name:  -   Service Principal
Names: -    Additional Information:   Privileges:  - (EventID
4742)</test_message>
                                       <test_value
name="ACC_NAME">User1$</test_value>
                               </example>
                       </examples>
               </rule>
       </ruleset>

Then you can test it more easily like this:
pdbtool test patterndb.xml

On Thu, Dec 22, 2011 at 8:04 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
> On Thu, 2011-12-22 at 14:31 +0530, Anup Shetty wrote:
>> Nope, no luck yet. Still blanks being spit out.
>>
>>
>> Here's the exact extract of the pattern matching and the log:
>>
>>
>> Pattern String
>> ---------------------------
>>
>>
>> @ESTRING:user::@ Security Microsoft Windows security auditing.:
>> [Success Audit] A computer account was changed. ? ?Subject: ? Security
>> ID: ?S-1-5-7 ? Account Name: ?ANONYMOUS LOGON ? Account Domain: ?NT
>> AUTHORITY ? Logon ID: ?0x3e6 ? ?Computer Account That Was Changed:
>> Security ID: ?@ESTRING:: ?@Account Name: ? @ESTRING:ACC_NAME: @
>> Account Domain: ?WW002 ? ?Changed Attributes: ? SAM Account Name: -
>> Display Name: ?- ? User Principal Name: - ? Home Directory: ?- ? Home
>> Drive: ?- ? Script Path: ?- ? Profile Path: ?- ? User Workstations: -
>> Password Last Set: @ESTRING:: @@ESTRING:: @ ? Account Expires: ?-
>> Primary Group ID: - ? AllowedToDelegateTo: - ? Old UAC Value: ?- ? New
>> UAC Value: ?- ? User Account Control: - ? User Parameters: - ? SID
>> History: ?- ? Logon Hours: ?- ? DNS Host Name: ?- ? Service Principal
>> Names: - ? ?Additional Information: ? Privileges: ?- (EventID 4742)
>>
>>
>> Log
>> ------------------
>>
>>
>> Dec 22 03:38:32 Server.zoom11.test.net
>> Microsoft_Windows_security_auditing.[5784]: : Security Microsoft
>> Windows security auditing.: [Success Audit] A computer account was
>> changed. ? ?Subject: ? Security ID: ?S-1-5-7 ? Account Name:
>> ?ANONYMOUS LOGON ? Account Domain: ?NT AUTHORITY ? Logon ID: ?0x3e6
>> ?Computer Account That Was Changed: ? Security ID:
>> ?S-1-5-21-776561741-789336058-725345543-305444 ? Account Name: ?User1$
>> Account Domain: ?TEST ? ?Changed Attributes: ? SAM Account Name: -
>> Display Name: ?- ? User Principal Name: - ? Home Directory: ?- ? Home
>> Drive: ?- ? Script Path: ?- ? Profile Path: ?- ? User Workstations: -
>> Password Last Set: 12/22/2011 3:38:32 AM ? Account Expires: ?-
>> Primary Group ID: - ? AllowedToDelegateTo: - ? Old UAC Value: ?- ? New
>> UAC Value: ?- ? User Account Control: - ? User Parameters: - ? SID
>> History: ?- ? Logon Hours: ?- ? DNS Host Name: ?- ? Service Principal
>> Names: - ? ?Additional Information: ? Privileges: ?- (EventID 4742)
>>
>>
> "pdbtool match" can be used to test patterns.
>
> pdbtool patch -p <path to xml file> -P '<appname>' -M '<msg>' --debug --color-out
>
> This even colours the output so that the partial matches can be
> recognized. This is the best way to troubleshoot patterns.
>
> --
> Bazsi
>
>


--
Thanks and regards,
Anup