patterndb Joining rulesets with mismatching program name sets
Hi, It seems somewhere between 3.7 and 3.8 my patterndb broke validation tests. When running `pdbtool test` I now get: Joining rulesets with mismatching program name sets This helpful message seems to be right if I understand it correctly: <ruleset name='pam_unix' id='72d75cb0-0107-4d12-b0bf-cea36ddf7f38'> <patterns> <pattern>sshd</pattern> <pattern>crond</pattern> <pattern>imap</pattern> <pattern>imapd</pattern> <pattern>login</pattern> <pattern>pam</pattern> <pattern>pure-ftpd</pattern> <pattern>proftpd</pattern> <pattern>su</pattern> <pattern>sudo</pattern> <ruleset name='cron' id='3a8efec5-6974-4b4a-b203-3247fe235812'> <patterns> <pattern>crond</pattern> <pattern>CROND</pattern> </patterns> Since when, and why is this illegal now? Thanks
Hi, I've added this message in 2015, while fixing a bug in patterndb rule clash. Hmmm ... This is the patch that introduces it: 12cd960 The reason behind is that some of the rules would clash even if they had different program names. On Mar 22, 2017 16:43, "Fabien Wernli" <wernli@in2p3.fr> wrote:
Hi,
It seems somewhere between 3.7 and 3.8 my patterndb broke validation tests. When running `pdbtool test` I now get:
Joining rulesets with mismatching program name sets
This helpful message seems to be right if I understand it correctly:
<ruleset name='pam_unix' id='72d75cb0-0107-4d12-b0bf-cea36ddf7f38'> <patterns> <pattern>sshd</pattern> <pattern>crond</pattern> <pattern>imap</pattern> <pattern>imapd</pattern> <pattern>login</pattern> <pattern>pam</pattern> <pattern>pure-ftpd</pattern> <pattern>proftpd</pattern> <pattern>su</pattern> <pattern>sudo</pattern>
<ruleset name='cron' id='3a8efec5-6974-4b4a-b203-3247fe235812'> <patterns> <pattern>crond</pattern> <pattern>CROND</pattern> </patterns>
Since when, and why is this illegal now?
Thanks
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, On Wed, Mar 22, 2017 at 08:56:17PM +0100, Scheidler, Balázs wrote:
I've added this message in 2015, while fixing a bug in patterndb rule clash.
As it turns out, it was not a syslog-ng upgrade but a change in pdb file ordering [1] that backslashed and garbled my merged patterndb :-/ [1] https://github.com/balabit/syslog-ng/issues/294
Hi, Is it something that we broke then (apart from #294?) -- Bazsi On Fri, Mar 24, 2017 at 2:52 PM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
On Wed, Mar 22, 2017 at 08:56:17PM +0100, Scheidler, Balázs wrote:
I've added this message in 2015, while fixing a bug in patterndb rule clash.
As it turns out, it was not a syslog-ng upgrade but a change in pdb file ordering [1] that backslashed and garbled my merged patterndb :-/
On Sat, Mar 25, 2017 at 07:14:31AM +0100, Scheidler, Balázs wrote:
Is it something that we broke then (apart from #294?)
I don't think so: it's just not a good idea to rely on filesystem directory ordering.
that's true. On Sat, Mar 25, 2017 at 10:30 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Sat, Mar 25, 2017 at 07:14:31AM +0100, Scheidler, Balázs wrote:
Is it something that we broke then (apart from #294?)
I don't think so: it's just not a good idea to rely on filesystem directory ordering.
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Bazsi
participants (3)
-
Balazs Scheidler
-
Fabien Wernli
-
Scheidler, Balázs