[syslog-ng] db-parser
Jacopo Cappelli
jacopo89 at gmail.com
Tue Jul 7 10:56:19 CEST 2009
I can't understand how db-parser works. I want to parse a string:
m-56767-1333854 79.127.28.54 <mfdesigner at diggitgraphics.com>
MessageScore is now 30, after adding 30 (Suspicious HELO - contains
IP: '[79.127.28.54]')
I want to have m-56767-1333854 in $ID_MESSAGE and 79.127.28.54
<mfdesigner at diggitgraphics.com> MessageScore is now 30, after adding
30 (Suspicious HELO - contains IP: '[79.127.28.54]') in $MSG
I tried with:
<patterndb>
  <ruleset name='assp'>
    <pattern>assp</pattern>
    <rules>
      <rule provider='balabit' id='1' class='system'>
        <patterns>
          <pattern>@QSTRING:id_message: @ @QSTRING:msg@</pattern>
        </patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>
But the field in the db is empty. I read the link about db-parser usage
but I can't resolve it...
Thanks,
Jacopo
--
Linux, Windows Xp and MS-DOS
(also known as the Good, the Bad and the Ugly).
-- Matt Welsh
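
Added example, not part of the original post and not syslog-ng code: a simplified Python model of three patterndb parsers (@QSTRING@, @ESTRING@, @ANYSTRING@), run on the log line from the post with the posted pattern and with one alternative. It assumes @QSTRING@ needs its quote character at the current position, @ESTRING@ reads up to its end string, @ANYSTRING@ takes the rest, and the whole message must be consumed; SUGGESTED, TOKEN and match() are hypothetical names introduced here.

```python
import re

# Log line reconstructed from the wrapped sample in the post.
SAMPLE = ("m-56767-1333854 79.127.28.54 <mfdesigner at diggitgraphics.com> "
          "MessageScore is now 30, after adding 30 "
          "(Suspicious HELO - contains IP: '[79.127.28.54]')")

POSTED = "@QSTRING:id_message: @ @QSTRING:msg@"        # pattern from the post
SUGGESTED = "@ESTRING:id_message: @@ANYSTRING:msg@"    # assumption, not from the post

# @TYPE:name@ or @TYPE:name:argument@
TOKEN = re.compile(r"@(QSTRING|ESTRING|ANYSTRING):(\w+)(?::([^@]*))?@")

def match(pattern, text):
    """Return {name: value} if pattern consumes all of text, else None."""
    values, pos, last = {}, 0, 0
    for tok in TOKEN.finditer(pattern):
        literal = pattern[last:tok.start()]      # fixed text before this parser
        if not text.startswith(literal, pos):
            return None
        pos += len(literal)
        kind, name, arg = tok.group(1), tok.group(2), tok.group(3) or ""
        if kind == "ANYSTRING":                  # everything to end of message
            end = nxt = len(text)
        elif kind == "ESTRING":                  # up to (not including) arg
            end = text.find(arg, pos) if arg else -1
            nxt = end + len(arg)
        else:                                    # QSTRING: open quote must be here
            if not arg or not text.startswith(arg[0], pos):
                return None
            pos += 1
            end = text.find(arg[-1], pos)        # closing quote character
            nxt = end + 1
        if end < 0:
            return None
        values[name] = text[pos:end]
        pos, last = nxt, tok.end()
    return values if text[pos:] == pattern[last:] else None

if __name__ == "__main__":
    print("posted   :", match(POSTED, SAMPLE))
    print("suggested:", match(SUGGESTED, SAMPLE))
```

In this model the posted pattern returns no match because the message begins with "m", not with the space given as the @QSTRING@ quote character, while the alternative yields id_message and msg split at the first space.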