Hi!

On Mon, 2010-01-11 at 09:55 -0500, Nate Hausrath wrote:
> Right now, the ASA logs are being placed in the other.log file, and no other logs are being placed anywhere (even though I have verified they are being received). Just to reiterate, I'm trying to place the Windows logs in a windows.log file, ASA logs in an asa.log file, and everything else in the other.log file.

You can try to match a log message with the given pattern ruleset with the pdbtool command.

First try to dump the patterndb with the dump command:

    pdbtool dump -p /opt/ssb/var/db/patterndb.xml -T

Then check the programs:

    pdbtool dump -p /opt/ssb/var/db/patterndb.xml -P zcv

After that (if everything is good) try to match a log message:

    pdbtool match -p /opt/ssb/var/db/patterndb.xml -P zcv -M "Iam the message part."

Do not forget to set the program with the -P option.

Did pdbtool find the correct rule?