[syslog-ng] Pattern Matching Issues

Peter Mills pmills at imtechtelecom.com
Thu Sep 16 11:22:34 CEST 2010 

 
I am new to syslog-ng and just trying to get a basic version 1 XML
pattern match file working properly.
 
The output with an associated template is redirected to a file.  It
currently claims there is no such value.  Does this mean that the
pattern match has failed?
 
Using syslog-ng (3.0.8) 
 
parser p_patterndb {

   db_parser(file("/opt/syslog-ng/var/db/patterns/v1/test.xml"));

};

 

# Check pattern matching is working

 

log {

    source(s_ext);

    parser(p_patterndb);  <<<<<

    destination(df_udp_pattern_output);

};

 

#Check pattern matching
destination df_udp_pattern_output {
   file("/var/log/pattern_output"
   template("$PROGRAM,${rest},,$MSG\n") template_escape(no));
};


Output of:
 
/opt/syslog-ng/sbin/syslog-ng -e -F -d -v > /tmp/syslog-ng.out 2>&1

 

Incoming log entry; line='<131>1 - - WXC-192.168.61.202 register 1102
[wx-event at juniper.net eventtime="1284626839" metric="Primary Reg
Server Unreachable" sev="major" type="sys"] REG: Self registration
failed. IP=192.168.61.242.'
Filter rule evaluation begins; filter_rule='f_messages'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_messages'
Filter rule evaluation begins; filter_rule='f_udp_nagios_check'
Filter node evaluation result; filter_result='not-match'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_udp_nagios_check'
Filter rule evaluation begins; filter_rule='wxc_all'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter rule evaluation result; filter_result='not-match',
filter_rule='wxc_all'
Filter rule evaluation begins; filter_rule='wxc_tunnel_info'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='wxc_tunnel_info'
Filter rule evaluation begins; filter_rule='wxc_tunnel_warn'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='wxc_tunnel_warn'
Filter rule evaluation begins; filter_rule='wxc_tunnel_crit'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='wxc_tunnel_crit'
Filter rule evaluation begins; filter_rule='wxc_license_crit'
Filter node evaluation result; filter_result='not-match',
filter_type='level'
Filter node evaluation result; filter_result='not-match',
filter_type='AND'
Filter rule evaluation result; filter_result='not-match',
filter_rule='wxc_license_crit'
No such value known; value='rest'   <<<<

root at nagios-collector:/opt/syslog-ng/var/db/patterns/v1
<mailto:root at nagios-collector:/opt/syslog-ng/var/db/patterns/v1> # cat
test1.xml
<?xml version="1.0" encoding="utf-8"?>
<patterndb version="1" pub_date="2009-04-17">
  <program name="1">
    <pattern>wxc</pattern>
    <rule id="1" class="system">
      <pattern>@ANYSTRING:rest@</pattern>
    </rule>
  </program>
</patterndb>
root at nagios-collector:/opt/syslog-ng/var/db/patterns/v1
<mailto:root at nagios-collector:/opt/syslog-ng/var/db/patterns/v1> #
 
Thanks
 
Peter



Imtech Telecom Global is a limited company registered in England and Wales. Registered number: GB04407184. Registered office: Viables 3, Jays Close, Basingstoke, Hampshire, RG22 4BS.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100916/f67c43bd/attachment.htm

More information about the syslog-ng mailing list