On Fri, 2010-07-23 at 11:25 +0200, Ilas, Yann wrote:
Hello,
Currently, I'm using syslog-ng version 3.1.1.
I would like to parse that kind of message by using pattern database. Here is the message : "<<<<< Message message message".
So I created that xml file :
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='3' pub_date='2010-07-22'>
<ruleset name='test' id='yann-test-9999999999'>
<description>Programme : test</description>
<pattern>test</pattern>
<rules>
<rule provider='yann' id='ss-test:syslog:dest:123123123:id005' class='system'>
<patterns>
<pattern><<<<< Message message message</pattern>
<values>
<value name=".classifier.facility">local0</value>
<value name=".classifier.severity">notice</value>
<value name=".classifier.priority">133</value>
</values>
</patterns>
</rule>
</rules>
</ruleset>
</patterndb>
The other poster has already responded with your original problem. I was just wondering why you are assigning facility/severity values from your patterndb parser? Isn't that easier to use the $FACILITY / $LEVEL macros in a destination file perhaps? Or what do you want to accomplish here? -- Bazsi