No subject
Mon Feb 21 10:55:38 CET 2011
<patterndb version='3' pub_date='2009-11-04'>
  <ruleset name="ssh">
    <pattern>sshd</pattern>
    <rules>
      <rule class="11" id="11">
        <patterns>
          <!-- s0=usracct.authmethod, s1=usracct.username,
               s2=usracct.device, i0=port, s3=usracct.service -->
          <pattern>Accepted @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
        </patterns>
      </rule>
      <rule class="12" id="12">
        <patterns>
          <!-- s0=usracct.authmethod, s1=usracct.username,
               s2=usracct.device, i0=port, s3=usracct.service -->
          <pattern>Failed @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
          <pattern>Failed @ESTRING:s0: @for invalid user @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
          <pattern>Failed @ESTRING:s0: @for illegal user @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
        </patterns>
      </rule>
      <rule class="13" id="13">
        <patterns>
          <!-- s0=usracct.username -->
          <pattern>pam_unix(sshd:session): session closed for user @ANYSTRING:s0:@</pattern>
          <pattern>session closed for user @ANYSTRING:s0:@</pattern>
        </patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>
On Fri, Nov 18, 2011 at 2:31 AM, Gianluca Tranelli
<g.tranelli at inarcassa.it> wrote:
> Good morning everybody, the time is very good here in Rome, but I don't want
> to talk about the weather but about patterndb that is driving me crazy.
> After reading all the administration guide v3.3, I found an example of using
> patterndb to log the duration of an ssh Linux and to log a new formatted
> message. I just copied the XML, ran update-patterndb but nothing happened. Am
> I missing something? Can someone post a complete working example on ssh?
> Patterndb is driving me crazy.
>
> Thank you in advance.
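
An added example, not part of the original post: a simplified Python emulation of the ESTRING and ANYSTRING parsers used in the rules above, run over constructed sshd messages, showing which fields each rule captures and why the separate "invalid user" pattern is needed. The function names and sample messages are assumptions of this example, and real syslog-ng matches through a radix tree rather than this sequential scan.

```python
import re

# Tokenizer for the two parser types used in the posted rules (simplified;
# real patterndb supports more parsers and the "@@" escape for a literal "@").
TOKEN = re.compile(r"@(ESTRING|ANYSTRING):([^:@]*)(?::([^@]*))?@")

# Shared tail of the login patterns, copied from the XML above.
TAIL = "@ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@"
RULES = {  # rule id -> patterns, each on a single line
    "11": ["Accepted @ESTRING:s0: @for " + TAIL],
    "12": ["Failed @ESTRING:s0: @for " + TAIL,
           "Failed @ESTRING:s0: @for invalid user " + TAIL,
           "Failed @ESTRING:s0: @for illegal user " + TAIL],
    "13": ["pam_unix(sshd:session): session closed for user @ANYSTRING:s0:@",
           "session closed for user @ANYSTRING:s0:@"],
}

def match_pattern(pattern, msg):
    """Return the captured fields if msg matches pattern fully, else None."""
    fields, pos, last = {}, 0, 0
    for tok in TOKEN.finditer(pattern):
        literal = pattern[last:tok.start()]
        if not msg.startswith(literal, pos):
            return None
        pos += len(literal)
        kind, name, stop = tok.groups()
        if kind == "ANYSTRING":          # consumes the rest of the message
            fields[name], pos = msg[pos:], len(msg)
        else:                            # ESTRING: read up to the stop string
            end = msg.find(stop, pos)
            if end < 0:
                return None
            fields[name], pos = msg[pos:end], end + len(stop)
        last = tok.end()
    return fields if msg[pos:] == pattern[last:] else None

def classify(msg):
    """Return (rule_id, fields) for the first matching pattern, else (None, {})."""
    for rule_id, patterns in RULES.items():
        for pattern in patterns:
            fields = match_pattern(pattern, msg)
            if fields is not None:
                return rule_id, fields
    return None, {}

# Constructed sample messages (documentation address ranges, made-up users).
SAMPLES = ["Accepted password for alice from 192.0.2.10 port 50022 ssh2",
           "Failed password for invalid user bob from 203.0.113.5 port 4242 ssh2",
           "pam_unix(sshd:session): session closed for user alice"]
if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```
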