Hi,

We are using syslog-ng 3.4.5 version and we are using it to utilize patterndb. We are not looking for bug fix but using it for just all the different ways we can use the patterndb xml. Please provide me the info on such as the IF and ELSE statements, For loops in the xml file.

Thanks,
Mukesh Kumar
Hi Mukesh,

You cannot use if-else or for loop in patterndb, you can only set pattern matching rules, to classify the incoming log messages.

The oldest Admin Guide I have found is for 3.5: https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edi... Chapter 13 is about patterndb.

Can you tell us your use case? What do you want to achieve by using if-else and for loop in the patterndb xml?

Cheers,
Attila

________________________________
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of mukesh kumar <mkkumar20@gmail.com>
Sent: Monday, February 1, 2021 6:50 AM
To: syslog-ng-owner@lists.balabit.hu <syslog-ng-owner@lists.balabit.hu>; syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Syslog-ng 3.4.5 support question

> Hi,
>
> We are using syslog-ng 3.4.5 version and we are using it to utilize patterndb. We are not looking for bug fix but using it for just all the different ways we can use the patterndb xml. Please provide me the info on such as the IF and ELSE statements, For loops in the xml file.
>
> Thanks,
> Mukesh Kumar
Hi Attila,

Thank you for the reply. We are using this type of If-Else condition in patterndb xml and want to know if there is any documentation available to implement other types of conditions as well.

<rules>
  <rule id="xyz-3735951352" class="xyz">
    <patterns>
      <pattern>@ESTRING::"[@@ESTRING:tmp.day:/@@ESTRING:tmp.month:/@@ESTRING:tmp.year::@@PCRE:tmp.time:\d{1,2}:\d{1,2}:\d{1,2}@ @ESTRING:timezone:]@"@ESTRING:tmp.dstport: @</pattern>
    </patterns>
    <values>
      <value name="metaclass">xyz</value>
      <value name="dstport">$(if ("${tmp.dstport}" != "-") ${tmp.dstport} 0)</value>
      <value name="requesttime">${tmp.year}-$(if ("${tmp.month}" == "Jan") 01 $(if ("${tmp.month}" == "jan") 01 $(if ("${tmp.month}" == "Feb") 02 $(if ("${tmp.month}" == "feb") 02 $(if ("${tmp.month}" == "Mar") 03 $(if ("${tmp.month}" == "mar") 03 $(if ("${tmp.month}" == "Apr") 04 $(if ("${tmp.month}" == "apr") 04 $(if ("${tmp.month}" == "May") 05 $(if ("${tmp.month}" == "may") 05 $(if ("${tmp.month}" == "Jun") 06 $(if ("${tmp.month}" == "jun") 06 $(if ("${tmp.month}" == "Jul") 07 $(if ("${tmp.month}" == "jul") 07 $(if ("${tmp.month}" == "Aug") 08 $(if ("${tmp.month}" == "aug") 08 $(if ("${tmp.month}" == "Sep") 09 $(if ("${tmp.month}" == "sep") 09 $(if ("${tmp.month}" == "Oct") 10 $(if ("${tmp.month}" == "oct") 10 $(if ("${tmp.month}" == "Nov") 11 $(if ("${tmp.month}" == "nov") 11 $(if ("${tmp.month}" == "Dec") 12 $(if ("${tmp.month}" == "dec") 12 ${tmp.month}))))))))))))))))))))))))-${tmp.day} ${tmp.time}</value>
    </values>
  </rule>
</rules>

Thanks,
Mukesh Kumar

On Mon, Feb 1, 2021 at 2:06 PM Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> wrote:
> Hi Mukesh,
>
> You cannot use if-else or for loop in patterndb, you can only set pattern matching rules, to classify the incoming log messages.
>
> The oldest Admin Guide I have found is for 3.5: https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edi... Chapter 13 is about patterndb.
>
> Can you tell us your use case? What do you want to achieve by using if-else and for loop in the patterndb xml?
>
> Cheers,
> Attila
Hi Mukesh,

On Sun, Feb 07, 2021 at 06:12:00PM +0530, mukesh kumar wrote:
> <value name="requesttime">${tmp.year}-$(if ("${tmp.month}" == "Jan") 01 $(if ("${tmp.month}" == "jan") 01 $(if ("${tmp.month}" == "Feb") 02 $(if ("${tmp.month}" == "feb") 02 $(if ("${tmp.month}" == "Mar") 03 $(if ("${tmp.month}" == "mar") 03 $(if ("${tmp.month}" == "Apr") 04 $(if ("${tmp.month}" == "apr") 04 $(if ("${tmp.month}" == "May") 05 $(if ("${tmp.month}" == "may") 05 $(if ("${tmp.month}" == "Jun") 06 $(if ("${tmp.month}" == "jun") 06 $(if ("${tmp.month}" == "Jul") 07 $(if ("${tmp.month}" == "jul") 07 $(if ("${tmp.month}" == "Aug") 08 $(if ("${tmp.month}" == "aug") 08 $(if ("${tmp.month}" == "Sep") 09 $(if ("${tmp.month}" == "sep") 09 $(if ("${tmp.month}" == "Oct") 10 $(if ("${tmp.month}" == "oct") 10 $(if ("${tmp.month}" == "Nov") 11 $(if ("${tmp.month}" == "nov") 11 $(if ("${tmp.month}" == "Dec") 12 $(if ("${tmp.month}" == "dec") 12 ${tmp.month}))))))))))))))))))))))))-${tmp.day} ${tmp.time}</value>
> </values>

Did you consider the excellent date-parser() which would *probably* help in this situation?
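An added example, not part of the original thread or written by any of its participants: one way date-parser() could replace the nested $(if ...) month lookup. It assumes a syslog-ng release that ships date-parser(); the field name tmp.timestamp, the patterndb file path, and the s_in / d_out object names are hypothetical.

```conf
# Added example, not from the thread.
# Assumption: the patterndb rule is changed to capture the whole bracketed
# timestamp in one field (hypothetical name tmp.timestamp) instead of
# splitting it into tmp.day / tmp.month / tmp.year / tmp.time:
#
#   <pattern>@ESTRING::"[@@ESTRING:tmp.timestamp:]@"@ESTRING:tmp.dstport: @</pattern>
#
# tmp.timestamp then holds a value such as (constructed sample):
#   07/Feb/2021:18:12:00 +0530

parser p_patterndb {
    db-parser(file("/etc/syslog-ng/patterndb.xml"));   # hypothetical path
};

parser p_request_time {
    date-parser(
        format("%d/%b/%Y:%H:%M:%S %z")   # day/month-name/year:time offset
        template("${tmp.timestamp}")      # field extracted by patterndb
    );
};

rewrite r_request_time {
    # Rebuild the "YYYY-MM-DD HH:MM:SS" value that the $(if ...) chain
    # produced, using the timestamp macros set by date-parser().
    set("${S_YEAR}-${S_MONTH}-${S_DAY} ${S_HOUR}:${S_MIN}:${S_SEC}",
        value("requesttime"));
};

log {
    source(s_in);               # hypothetical source
    parser(p_patterndb);
    parser(p_request_time);
    rewrite(r_request_time);
    destination(d_out);         # hypothetical destination
};
```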
Hi Fabien,

Could you please give me some documentation to use date-parser() and any other function to use within Syslog-ng.

Thanks for your help.

Regards,
Mukesh

On Mon, Feb 8, 2021 at 12:32 PM Fabien Wernli <wernli@in2p3.fr> wrote:
> Hi Mukesh,
>
> Did you consider the excellent date-parser() which would *probably* help in this situation?
Hello,

You could check the syslog-ng administration guide: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edit...

--
kokan

On Fri, Mar 05, 2021 at 11:09:40AM +0530, mukesh kumar wrote:
> Hi Fabien,
>
> Could you please give me some documentation to use date-parser() and any other function to use within Syslog-ng.
>
> Thanks for your help.
>
> Regards,
> Mukesh
participants (4)
- Attila Szakacs (aszakacs)
- Fabien Wernli
- mukesh kumar
- Peter Kokai (pkokai)