[syslog-ng] Question about QSTRING and "<>" separators

[Balazs Scheidler]

On Fri, 2010-07-23 at 11:45 +0200, Ilas, Yann wrote:
> Hello,
> 
> I have another question (the last of the day ?) about db parser. In
> fact, my question is about the QSTRING. I'm not sur to understand how
> to use it.
> 
> I follow the example given here
> (http://marci.blogs.balabit.com/2009/04/intorduction-to-parser-in-syslog-ng-db.html) but it doesn't seem to work.
> 
> Here is my xml file :
> 
> <?xml version='1.0' encoding='UTF-8'?>
> 
> <patterndb version='3' pub_date='2010-07-23'>
> 
>   <ruleset name='test' id='yann-test'>
> 
>     <description>Programme : test</description>
> 
>     <pattern>test</pattern>
> 
>     <rules>
> 
>       <rule provider='yann' id='123456789' class='system'>
> 
>       <patterns>
> 
>          <pattern>@QSTRING:message:<>@ Message message
> message</pattern>
> 
>       </patterns>
> 
>       </rule>
> 
>     </rules>
> 
>   </ruleset>
> 
> </patterndb>
> 
> I try to test a message by using the pdbtool :
> 
> $ /opt/syslog-ng/bin/pdbtool match -p /tmp/syslog-ng.xml -P test -M
> "<123> Message message message"
> 
> Key contains '@' without escaping; key='@QSTRING:message:',
> value='123456789'
> 
> Error parsing pattern database file; filename='/tmp/syslog-ng.xml',
> error='Error on line 9 char 38: \'>\' is not a valid character
> following a \'<\' character; it may not begin an element name'
> 
> ...and I obtain this error.
> 
> What's wrong with the message or the use of QSTRING ?
> 
> I replaced '<>' by "'" (simple quote) and it works…

Again, you need to use &lt;&gt;

-- 
Bazsi