Thanks That seems to have fixed it I have another topic for use case but I’ll create another thread.
On Aug 31, 2016, at 8:02 AM, Mitzki, András <andras.mitzki@balabit.com> wrote:
Hi Scot,
Your founded issue seems valid. The GitHub project: syslog-ng-patterndb need some updates, to fix that warnings (Non-numeric correlation state ID found). For the quick workaround you can add some missing "@" to the following lines in generated patterndb.xml. After that syslog-ng should start with that patterndb.xml.
install/var/patterndb.xml:209: <value name='usracct.device'>${temp.su_username}@@${temp.su_tty}</value> install/var/patterndb.xml:587: <value name='usracct.device'>${temp.sudo_username}@@${temp.sudo_tty}</value> install/var/patterndb.xml:616: <value name='usracct.device'>${temp.sudo_username}@@${temp.sudo_tty}</value> install/var/patterndb.xml:643: <value name='usracct.device'>${temp.sudo_username}@@unknown</value>
Micek
On Wed, Aug 31, 2016 at 6:58 AM, Scot Needy <scotrn@gmail.com <mailto:scotrn@gmail.com>> wrote:
Can someone point me in the right direction on how to use update-patterndb for syslog-ng ?
Downloaded current git syslog-ng-patterndb to /opt/syslog-ng/etc/patterndb.d/, but not sure how to load and test it.
Am I doing something wrong ?
bin/pdbtool merge -r --glob \*.pdb -D /opt/syslog-ng/etc/patterndb.d -p /opt/syslog-ng/etc/patterndb.xml
[@ROOT] sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf
[2016-08-31T00:55:54.978717] Non-numeric correlation state ID found, assuming a literal '@' character. To avoid confusion when using a literal '@' after a macro or template function, write '@@' in the template.; Template='${temp.su_username}@${temp.su_tty}’ blah… blah.. [2016-08-31T00:55:54.978978] Non-numeric correlation state ID found, assuming a literal '@' character. To avoid confusion when using a literal '@' after a macro or template function, write '@@' in the template.; Template='${temp.sudo_username}@unknown’
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq