On 02/18/2011 03:41 PM, Valentijn Sessink wrote:
Hi,
Peter Czanik wrote:
As you might have read here on the list or at Bazsi's blog, we plan to move patterndb to CEE instead of using our own schema.
OK. Does this also mean that the patterns at http://git.balabit.hu/?p=bazsi/syslog-ng-patterndb.git are out of date, i.e. that there are newer (but not public) patterns? (For example, the sshd patterns are very useful, variables and all, but there are some messages lacking and its latest revision is from 2010-07-13).
Sending a bunch of patterns that you already have, or sending patterns in an old-fashioned format is not my intent.
Internally I worked on converting existing patterns to CEE. Those quickly became out of date, as CEE is still a moving target. So, for now we will continue working using the "old-fashioned" format, focusing on login / logout events. Once CEE is ready for use, I'll convert patterns from "old-fashioned" to CEE.

Summary: your patterns are very welcome and I encourage everyone to send new or updated patterns or help us to collect log samples: http://czanik.blogs.balabit.com/2010/11/log-sample-collecting-project/

--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/