[syslog-ng] Pattern database and '<'
Balazs Scheidler
bazsi at balabit.hu
Mon Jul 26 16:51:36 CEST 2010
On Fri, 2010-07-23 at 11:25 +0200, Ilas, Yann wrote:
> Hello,
>
> Currently, I'm using syslog-ng version 3.1.1.
>
> I would like to parse that kind of message by using pattern database.
> Here is the message : "<<<<< Message message message".
>
> So I created that xml file :
>
> <?xml version='1.0' encoding='UTF-8'?>
>
> <patterndb version='3' pub_date='2010-07-22'>
>
> <ruleset name='test' id='yann-test-9999999999'>
>
> <description>Programme : test</description>
>
> <pattern>test</pattern>
>
> <rules>
>
> <rule provider='yann' id='ss-test:syslog:dest:123123123:id005'
> class='system'>
>
> <patterns>
>
> <pattern><<<<< Message message message</pattern>
>
> <values>
>
> <value name=".classifier.facility">local0</value>
>
> <value name=".classifier.severity">notice</value>
>
> <value name=".classifier.priority">133</value>
>
> </values>
>
> </patterns>
>
> </rule>
>
> </rules>
>
> </ruleset>
>
> </patterndb>
The other poster has already responded with your original problem. I was
just wondering why you are assigning facility/severity values from your
patterndb parser? Isn't that easier to use the $FACILITY / $LEVEL macros
in a destination file perhaps? Or what do you want to accomplish here?
--
Bazsi
More information about the syslog-ng
mailing list