[syslog-ng] Question about QSTRING and "<>" separators
Ilas, Yann
yann.ilas at eads.com
Fri Jul 23 11:45:44 CEST 2010
Hello,
I have another question (the last of the day ?) about db parser. In
fact, my question is about the QSTRING. I'm not sur to understand how to
use it.
I follow the example given here
(http://marci.blogs.balabit.com/2009/04/intorduction-to-parser-in-syslog
-ng-db.html) but it doesn't seem to work.
Here is my xml file :
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='3' pub_date='2010-07-23'>
<ruleset name='test' id='yann-test'>
<description>Programme : test</description>
<pattern>test</pattern>
<rules>
<rule provider='yann' id='123456789' class='system'>
<patterns>
<pattern>@QSTRING:message:<>@ Message message message</pattern>
</patterns>
</rule>
</rules>
</ruleset>
</patterndb>
I try to test a message by using the pdbtool :
$ /opt/syslog-ng/bin/pdbtool match -p /tmp/syslog-ng.xml -P test -M
"<123> Message message message"
Key contains '@' without escaping; key='@QSTRING:message:',
value='123456789'
Error parsing pattern database file; filename='/tmp/syslog-ng.xml',
error='Error on line 9 char 38: \'>\' is not a valid character following
a \'<\' character; it may not begin an element name'
...and I obtain this error.
What's wrong with the message or the use of QSTRING ?
I replaced '<>' by "'" (simple quote) and it works...
Regards,
Yann I.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100723/d8aeb0db/attachment-0001.htm
More information about the syslog-ng
mailing list