My mistake. We have a database that is used to produce the actual patterndb.xml file. Since the "class" isn't of functional importance, the code that produced the patterndb.xml file just used the "program pattern" so that all matches for a given program would use the same class. This code filtered out some of the invalid characters, but not the $. The end result is that the "class" was the component that was failing the xml validation because it contained the $. Since there is no real functional difference for what the class is set to, I am happy to ignore this limitation, but if you want to discuss it internally, I wouldn't complain if you removed this limitation on the "class". thanks for looking at this. Evan. On 10/28/2014 02:51 AM, Tusa Viktor wrote:
Hi!
I think we can. But I can't see in the xsd file where we diallow the $ character. patternType is an xs:string which allows every legal character, and I even managed to validate a patterndb file with $ in it's program name with xmllint. Can you please send me an example of non-validating xml file?
Best Regards, Viktor
On Sat, Oct 25, 2014 at 10:37 PM, Balazs Scheidler <bazsi77@gmail.com <mailto:bazsi77@gmail.com>> wrote:
I think the restriction should be removed. Viktor, do you agree?
On Oct 20, 2014 12:47 AM, "Evan Rempel" <erempel@uvic.ca <mailto:erempel@uvic.ca>> wrote:
Technically speaking, any non-alphanumeric character will terminate the TAG field at the beginning of the message. This is usually one of : [ or space as in the examples
program: this is the message program[123]: this is the message program this is the message
In practice though, syslog daemons will send TAGs that contain any character and the syslog-ng Agent for Windows will forward the application name as it shows in the Windows Event Log. In some cases, this TAG will contain a $ character.
The patterndb-4.xsd definition disallows the $ character in the program pattern in pattern database files.
Can this restriction be removed to allow for the $ or is this a larger issue that I see?
Thanks again for all of the support.
Evan.