Pattern database and '<'
Hello, Currently, I'm using syslog-ng version 3.1.1. I would like to parse that kind of message by using pattern database. Here is the message : "<<<<< Message message message". So I created that xml file : <?xml version='1.0' encoding='UTF-8'?> <patterndb version='3' pub_date='2010-07-22'> <ruleset name='test' id='yann-test-9999999999'> <description>Programme : test</description> <pattern>test</pattern> <rules> <rule provider='yann' id='ss-test:syslog:dest:123123123:id005' class='system'> <patterns> <pattern><<<<< Message message message</pattern> <values> <value name=".classifier.facility">local0</value> <value name=".classifier.severity">notice</value> <value name=".classifier.priority">133</value> </values> </patterns> </rule> </rules> </ruleset> </patterndb> I obtain that message when I try to parse with the pdbtool application : $ pdbtool match -p syslog-ng.xml -P test -M "<<<<< Message message message" Error parsing pattern database file; filename='/tmp/syslog-ng.xml', error='Error on line 9 char 22: \'<\' is not a valid character following a \'<\' character; it may not begin an element name' Into the xml file, I replaced '<<<<<' with @STRING::@ or @ESTRING...@ but it doesn't work. Is it possible to match that kind of message ? Regards, Yann
On 2010-07-23, Ilas, Yann wrote:
Currently, I'm using syslog-ng version 3.1.1. I would like to parse that kind of message by using pattern database. Here is the message : "<<<<< Message message message". So I created that xml file : [...] <pattern><<<<< Message message message</pattern> [...] I obtain that message when I try to parse with the pdbtool application : $ pdbtool match -p syslog-ng.xml -P test -M "<<<<< Message message message" Error parsing pattern database file; filename='/tmp/syslog-ng.xml', error='Error on line 9 char 22: \'<\' is not a valid character following a \'<\' character; it may not begin an element name'
Into the xml file, I replaced '<<<<<' with @STRING::@ or @ESTRING...@ but it doesn't work. Is it possible to match that kind of message ?
Characters < and > are special to XML notation. Try using < and > instead. HTH -- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
On Fri, 2010-07-23 at 11:25 +0200, Ilas, Yann wrote:
Hello,
Currently, I'm using syslog-ng version 3.1.1.
I would like to parse that kind of message by using pattern database. Here is the message : "<<<<< Message message message".
So I created that xml file :
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='3' pub_date='2010-07-22'>
<ruleset name='test' id='yann-test-9999999999'>
<description>Programme : test</description>
<pattern>test</pattern>
<rules>
<rule provider='yann' id='ss-test:syslog:dest:123123123:id005' class='system'>
<patterns>
<pattern><<<<< Message message message</pattern>
<values>
<value name=".classifier.facility">local0</value>
<value name=".classifier.severity">notice</value>
<value name=".classifier.priority">133</value>
</values>
</patterns>
</rule>
</rules>
</ruleset>
</patterndb>
The other poster has already responded with your original problem. I was just wondering why you are assigning facility/severity values from your patterndb parser? Isn't that easier to use the $FACILITY / $LEVEL macros in a destination file perhaps? Or what do you want to accomplish here? -- Bazsi
participants (3)
-
Balazs Scheidler
-
Ilas, Yann
-
Jakub Jankowski