[syslog-ng] few questions about patterndb
Hendrik Pahl
pahl at team-datentechnik.de
Wed Jun 23 08:46:25 CEST 2010
Hi folks,

I'm currently testing the patterndb with syslog-ng. After a few test
runs, there are some open questions.

Will there be some future releases of the patterndb by balabit? The last
snapshot has a timestamp from Sep. 2009. Or is there a community
somewhere out there that I haven't seen yet? :-)

I tested the classification into different logfiles
(system, violation, unknown) with 1.5M lines of logfiles, and there was
just one rule matching them all:
734adfc8-8a4d-40ad-923d-9d3fbabda34b, which is something about a newly
connected USB mass storage device. This behaviour can't be correct?

The pattern file "system-apache2.xml" still contains just plain
messages, no XML anywhere - I thought this should have been fixed already?

After some testing with logging messages to files like
"messages-system/messages-violation/messages-unknown" I'm just asking
myself about the profit I get when using patterndb. With a standard
syslog-ng I can usually log things into files divided by the priority
of the messages - that's all I want it to do, just have a logfile
where all errors and failures are logged, just to get the pure number
of lines down. When controlling a logfile I usually don't really care
about a cronjob being successful. What is the profit of using
patterndb right there?

Thanks in advance,
i.A. Hendrik Pahl
System Engineering
team! datentechnik GmbH & Co.KG
Werner von Siemens Straße 12a
49124 Georgsmarienhuette
Tel.: +49 (0)5401-8226-50
Fax : +49 (0)5401-8226-55
E-Mail: pahl at team-datentechnik.de
Internet: www.team-datentechnik.de
HRA 110397, Amtsgericht Osnabrück
Management: Reemt Lükenga