[syslog-ng] Separating Remote Logs
SZALAY Attila
sasa at balabit.hu
Mon Jan 11 16:33:37 CET 2010
Hi!
On Mon, 2010-01-11 at 09:55 -0500, Nate Hausrath wrote:
>
> Right now, the ASA logs are being placed in the other.log file, and no
> other logs are being placed anywhere (even though I have verified they
> are being received). Just to reiterate, I'm trying to place the
> Windows logs in a windows.log file, ASA logs in an asa.log file, and
> everything else in the other.log file.
You can try to match a log message with the given pattern ruleset with
the pdbtool command.
First try to dump the patterndb with the dump command:
pdbtool dump -p /opt/ssb/var/db/patterndb.xml -T
Then check the programs:
pdbtool dump -p /opt/ssb/var/db/patterndb.xml -P zcv
After that (if everything is good) try to match a log message:
pdbtool match -p /opt/ssb/var/db/patterndb.xml -P zcv -M "Iam the message part."
Do not forget to set the program with the -P option.
Did pdbtool find the correct rule?