[syslog-ng] Pattern database and '<'
Ilas, Yann
yann.ilas at eads.com
Fri Jul 23 11:25:45 CEST 2010
Hello,
Currently, I'm using syslog-ng version 3.1.1.
I would like to parse that kind of message by using pattern database.
Here is the message : "<<<<< Message message message".
So I created that xml file :
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='3' pub_date='2010-07-22'>
<ruleset name='test' id='yann-test-9999999999'>
<description>Programme : test</description>
<pattern>test</pattern>
<rules>
<rule provider='yann' id='ss-test:syslog:dest:123123123:id005'
class='system'>
<patterns>
<pattern><<<<< Message message message</pattern>
<values>
<value name=".classifier.facility">local0</value>
<value name=".classifier.severity">notice</value>
<value name=".classifier.priority">133</value>
</values>
</patterns>
</rule>
</rules>
</ruleset>
</patterndb>
I obtain that message when I try to parse with the pdbtool application :
$ pdbtool match -p syslog-ng.xml -P test -M "<<<<< Message message
message"
Error parsing pattern database file; filename='/tmp/syslog-ng.xml',
error='Error on line 9 char 22: \'<\' is not a valid character following
a \'<\' character; it may not begin an element name'
Into the xml file, I replaced '<<<<<' with @STRING::@ or @ESTRING...@
but it doesn't work. Is it possible to match that kind of message ?
Regards,
Yann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100723/efb25c9d/attachment.htm
More information about the syslog-ng
mailing list