[syslog-ng] pdbtool patternize update and my syslog-ng 3.2 branch

Sat Sep 25 03:58:18 CEST 2010

I guess I missed that build option.

Has anybody else used it successfully?

On Fri, Sep 24, 2010 at 08:55:06PM -0500, Martin Holste wrote:
> Can you compile on Ubuntu or some other distro with
> --enable-static-linking and then just port the binaries over?
> 
> On Fri, Sep 24, 2010 at 7:38 PM, Matthew Hall <mhall at mhcomputing.net> wrote:
> > The problem is I really seriously need GYP's pdbtool patternize 3.2 Git tree.
> >
> > I am unaware of any prebuilt RPMs for it or I would have installed them
> > long ago so I would not need to deal with this. :-)
> >
> > Matthew
> >
> > On Fri, Sep 24, 2010 at 03:44:37PM -0600, PATRICK HEMMER wrote:
> >> Ya, I imagine theyre static linked because its easier to release for
> >> more distro's that way. I build the RPMs for our environment because
> >> there are a few extra patches I throw in (and I want pcre). For our
> >> older boxes (RHEL4), I build both glib and pcre in a separate dir
> >> (not installed in the system), and then when compiling syslog-ng I
> >> static link just pcre and glib, and leave everything else linked
> >> against the normal system libs.
> >>
> >> Unless you have some reason to not use the binaries provided by
> >> balabit, I'd say its would be much easier to just use those.
> >>
> >> -Patrick
> >>
> >> Sent: Fri Sep 24 2010 14:53:25 GMT-0600 (Mountain Daylight Time)
> >> From: Matthew Hall <mhall at mhcomputing.net>
> >> To: Syslog-ng users' and developers' mailing list
> >> <syslog-ng at lists.balabit.hu>
> >> Subject: Re: [syslog-ng] pdbtool patternize update and my syslog-ng
> >> 3.2 branch
> >> >Further investigation...
> >> >
> >> >The Balabit RPMs must be built specially because the daemon looks
> >> >mostly statically linked. Is there some secret to building code
> >> >for old Linuxes like the BalaBit RPMs?
> >> >
> >> >Matthew.
> >> >
> >> >On Fri, Sep 24, 2010 at 10:57:38AM -0700, Matthew Hall wrote:
> >> >>Hello Peter,
> >> >>
> >> >>Thanks for the update on the status of patterndb patternize.
> >> >>
> >> >>I wondered if the memory leaks you said existed in the old
> >> >>version had been fixed, you did not say one way or the other in
> >> >>your mail.
> >> >>
> >> >>I also wonder if anybody at Balabit could tell me how to build a
> >> >>copy of your Git tree on RHEL 4 or RHEL 5. I get problems
> >> >>because the PCRE is too old but when I switch to new PCRE, PCRE
> >> >>will not build because the autotools and pkg-config are too old.
> >> >>
> >> >>It's a problem for me because unfortunately my company only
> >> >>supports RHEL here and otherwise I have to run it in an Ubuntu
> >> >>10.04 or Debian VM with way too little memory for the tool to
> >> >>run right.
> >> >>
> >> >>Would it be possible to build a version of your tree for RHEL 4 or 5?
> >> >>
> >> >>Matthew.
> >> >>
> >> >>On Fri, Sep 24, 2010 at 11:27:48AM +0200, Peter Gyongyosi wrote:
> >> >>>Hello,
> >> >>>
> >> >>>As the patterndb project is starting to gain some momentum I thought
> >> >>>it'd be the right time to port my patternize tool to the new,
> >> >>>plugin-based 3.2 codebase as the first step towards getting it
> >> >>>integrated --- and to be able to use the fancy new pdbtool features
> >> >>>along with patternize. To those who are unfamiliar with it,
> >> >>>patternize is an addition to pdbtool that makes it possible to
> >> >>>automatically generate a pattern database from raw logs using
> >> >>>statistical data clustering methods: you can read more about it in
> >> >>>this blog post:
> >> >>>http://gyp.blogs.balabit.com/2010/01/introducing-pdbtool-patternize/
> >> >>>
> >> >>>Besides the port to the new codebase, it's received some fixes and
> >> >>>new features since my original post:
> >> >>>
> >> >>> * multiple small internal bugfixes to get rid of weird errors
> >> >>> * added the option "/--named-parsers/" that names the found
> >> >>>@ESTRING at s like "/.dict.string0,1,2,3.../"
> >> >>> * Balint Kovacs has sent three contributions: added support for
> >> >>>reading the logfile from the standard input, escaping special
> >> >>>characters in the output and putting examples in the XML that can be
> >> >>>used for self-testing.
> >> >>>
> >> >>>It can be found in my public syslog-ng 3.2 tree:
> >> >>>http://git.balabit.hu/?p=gyp/syslog-ng-3.2.git;a=summary
> >> >>>
> >> >>>If you're already using it (I've received some feedback so I guess
> >> >>>some of you do), please note that most probably this 3.2-based
> >> >>>branch will get the fixes and new features from now on.
> >> >>>
> >> >>>It's only received a basic sanity check and the unit tests do pass,
> >> >>>so as usual, handle it with care and all feedback is welcome.
> >> >>>
> >> >>>greets,
> >> >>>Peter
> >> >>>
> >> >>>ps.: the branch also contains a patch that fixes a wrong section
> >> >>>name in pdbtool's man page and I'll try to update the whole manpage
> >> >>>a bit when adding a section for patternize soon -- Bazsi, you might
> >> >>>want to pull those to the mainline.
> >> >______________________________________________________________________________
> >> >Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> >Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> >> >FAQ: http://www.campin.net/syslog-ng/faq.html
> >> >
> >
> >> ______________________________________________________________________________
> >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> >> FAQ: http://www.campin.net/syslog-ng/faq.html
> >>
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
> 