There was a larger database that was converted from logcheck regexps, but that was only useful for classification and not to extract fields from log messages. Here's the link: http://www.balabit.com/downloads/files/patterndb-snapshot/patterndb-20091209...

On Jun 25, 2013 6:13 PM, "Matt Zagrabelny" <mzagrabe@d.umn.edu> wrote:
On Tue, Jun 18, 2013 at 11:54 AM, Jakub Jankowski <shasta@toxcorp.com> wrote:
On 2013-06-18, Matt Zagrabelny wrote:
I just cloned the git://git.balabit.hu/bazsi/syslog-ng-patterndb.git and it looks like the project has not seen much activity since 2010. Are people still using patterndb? Do the patterns not change much and that is the reason that the git database has not changed much?
https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/
Thanks, Jakub!
I've cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin PDF states that:
"13.2.2. Downloading sample pattern databases Sample pattern databases are available at the BalaBit Download page. Note that even though these pattern databases contain over 8000 rules for more than 200 applications and devices, they are only samples and experimental databases that are not officially supported and may or may not work in your environment."
I only see a small number of applications and a correspondingly small number of rules (compared to 200/8000). Is there a larger database of rules out there?
Is there a preferred file extension between .xml and .pdb?
Thanks,
-mz
HTH
-- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
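To illustrate the classification-versus-extraction distinction raised at the top of the thread, here is a constructed patterndb v4 fragment (an added example, not taken from the BalaBit snapshot or the syslog-ng-patterndb repository). The ruleset name, rule ids (placeholder UUIDs), tag names and the two sshd message shapes are all assumptions; the first rule only classifies, the way a pattern converted from a logcheck regexp would, while the second names its parsers so the matched pieces become name-value pairs.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<patterndb version="4" pub_date="2013-06-26">
  <!-- Constructed example ruleset; ids below are placeholder UUIDs. -->
  <ruleset name="sshd-example" id="00000000-0000-4000-8000-000000000001">
    <!-- Program name this ruleset applies to (matched against $PROGRAM). -->
    <pattern>sshd</pattern>
    <rules>
      <!-- Classification only: the message is matched and tagged, but the
           unnamed @ANYSTRING@ parser stores nothing, so no field such as the
           user name or source address is available to filters or templates. -->
      <rule provider="example" id="00000000-0000-4000-8000-000000000002" class="security">
        <patterns>
          <pattern>Failed password for @ANYSTRING@</pattern>
        </patterns>
        <tags>
          <tag>ssh.login.failed</tag>
        </tags>
      </rule>
      <!-- Field extraction: each named parser stores what it consumed as a
           name-value pair, e.g. ${usracct.username} and ${usracct.device},
           which can then be used in filters, templates and correlation. -->
      <rule provider="example" id="00000000-0000-4000-8000-000000000003" class="system">
        <patterns>
          <pattern>Accepted @ESTRING:usracct.authmethod: @for @ESTRING:usracct.username: @from @IPv4:usracct.device@ port @NUMBER:usracct.port@ ssh2</pattern>
        </patterns>
        <tags>
          <tag>ssh.login.accepted</tag>
        </tags>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

Saved to a file, the two rules can be exercised with `pdbtool match --pdb=<file> --program=sshd --message='<an sshd line>'`, which prints the tags for the first rule and the tags plus the extracted name-value pairs for the second.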