[syslog-ng] patterndb project?

Peter Czanik czanik at balabit.hu
Fri Feb 18 15:56:20 CET 2011


On 02/18/2011 03:41 PM, Valentijn Sessink wrote:
> Hi,
>
> Peter Czanik wrote:
>
>> As you might have read here on the list or at Bazsi's blog, we plan
>> to move patterndb to CEE instead of using our own schema
>>
> OK. Does this also mean that the patterns at
> http://git.balabit.hu/?p=bazsi/syslog-ng-patterndb.git are out of date,
> i.e. that there are newer (but not public) patterns? (For example, the
> sshd patterns are very useful, variables and all, but there are some
> messages lacking and its latest revision is from 2010-07-13).
>
> Sending a bunch of patterns that you already have, or sending patterns
> in an old-fashioned format is not my intent.
>
Internally I worked on converting existing patterns to CEE. Those quickly
became out of date, as CEE is still a moving target. So, for now we
will continue working using the "old-fashioned" format, focusing on login
/ logout events. Once CEE is ready for use, I'll convert patterns from
"old-fashioned" to CEE.

Summary: your patterns are very welcome and I encourage everyone to send
new or updated patterns or help us to collect log samples:
http://czanik.blogs.balabit.com/2010/11/log-sample-collecting-project/

-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
