[syslog-ng] Debugging Pattern Match Failures

Martin Holste mcholste at gmail.com
Tue Aug 3 05:07:36 CEST 2010


Did you try the patternize utility?  It can automate a lot of the
pattern creating.  It's on git and written about here:
http://gyp.blogs.balabit.com/2010/01/introducing-pdbtool-patternize.html
.  Also, are you using the pdbtool to test the messages?  See this
blog post for more info:
http://marci.blogs.balabit.com/2010/07/pdbtool-test-and-pattern-database.html
.

--Martin

On Mon, Aug 2, 2010 at 9:39 PM, Matthew Hall <mhall at mhcomputing.net> wrote:
> Hello list,
>
> Recently I created a series of blasphemous scripts which convert some
> large collections of recorded log messages in my environment into
> pattern DB XML files. At first there were some syntax errors but I fixed
> all of these and the XML files are loading successfully.
>
> However I am running into some problems with the next step: getting the
> patterns to match against the incoming log messages. I suspect I am not
> properly stripping the headers off of the disk files of recorded
> messages I am using to generate the pattern DB XML files.
>
> I am wondering how I can enable the right debugging capabilities to get
> more detailed debug output from the pattern DB parser where I can see
> what strings are being processed so that I can fix this right instead
> of guessing repeatedly and incorrectly.
>
> Thanks,
> Matthew Hall.
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>


More information about the syslog-ng mailing list