[syslog-ng] patterndb
Gianluca Tranelli
g.tranelli at inarcassa.it
Fri Nov 18 18:28:38 CET 2011
Thanks, but what exactly do I have to write in my syslog-ng.conf?
I wrote this:
destination d_garante {
    file("/var/log/garante");
};
parser pattern_db {
    db_parser(file("/var/lib/syslog-ng/patterndb.xml"));
};
log {
    source(s_local);
    source(s_network);
    parser(pattern_db);
    destination(d_garante);
};
Is this right?
----- Message from mcholste at gmail.com ---------
Date: Fri, 18 Nov 2011 09:15:33 -0600
From: Martin Holste <mcholste at gmail.com>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] patterndb
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
> From
> http://enterprise-log-search-and-archive.googlecode.com/svn/trunk/elsa/node/conf/patterndb.xml:
>
> <patterndb version='3' pub_date='2009-11-04'>
> <ruleset name="ssh">
> <pattern>sshd</pattern>
> <rules>
> <rule class="11" id="11">
> <patterns>
> <!-- s0=usracct.authmethod, s1=usracct.username,
> s2=usracct.device, i0=port, s3=usracct.service -->
> <pattern>Accepted @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
> </patterns>
> </rule>
> <rule class="12" id="12">
> <patterns>
> <!-- s0=usracct.authmethod, s1=usracct.username,
> s2=usracct.device, i0=port, s3=usracct.service -->
> <pattern>Failed @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
> <pattern>Failed @ESTRING:s0: @for invalid user @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
> <pattern>Failed @ESTRING:s0: @for illegal user @ESTRING:s1: @from @ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@</pattern>
> </patterns>
> </rule>
> <rule class="13" id="13">
> <patterns>
> <!-- s0=usracct.username -->
> <pattern>pam_unix(sshd:session): session closed for user @ANYSTRING:s0:@</pattern>
> <pattern>session closed for user @ANYSTRING:s0:@</pattern>
> </patterns>
> </rule>
> </rules>
> </ruleset>
> </patterndb>
> On Fri, Nov 18, 2011 at 2:31 AM, Gianluca Tranelli
> <g.tranelli at inarcassa.it> wrote:
>> Good morning everybody, the time is very good here in Rome, but I don't want
>> to talk about the weather but about patterndb that is driving me crazy.
>> After reading all the administration guide v3.3, I found an example of using
>> patterndb to log the duration of an ssh Linux and to log a new formatted
>> message. I just copied the XML, ran update-patterndb but nothing happened. Am
>> I missing something? Can someone post a complete working example on ssh?
>> Patterndb is driving me crazy.
>>
>> Thank you in advance.
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
----- End of message from mcholste at gmail.com -----
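
As an added example (not part of either message above, and not syslog-ng's own code), here is a simplified Python model of how the quoted sshd patterns split a message into s0, s1, and so on. It assumes patterns are tried in list order and that the ruleset pattern is compared exactly with the program name; the sample log lines are constructed.

```python
# Simplified model of patterndb matching for the sshd rules quoted above.
# Assumption: patterns are tried in list order; syslog-ng itself uses a radix tree.
PROGRAM = "sshd"  # the <ruleset> pattern; compared exactly with the program name here
RULES = [  # (rule id, pattern), copied from the quoted XML with wrapped lines rejoined
    ("11", "Accepted @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2: "
           "@port @ESTRING:i0: @@ANYSTRING:s3@"),
    ("12", "Failed @ESTRING:s0: @for @ESTRING:s1: @from @ESTRING:s2: "
           "@port @ESTRING:i0: @@ANYSTRING:s3@"),
    ("12", "Failed @ESTRING:s0: @for invalid user @ESTRING:s1: @from "
           "@ESTRING:s2: @port @ESTRING:i0: @@ANYSTRING:s3@"),
    ("13", "pam_unix(sshd:session): session closed for user @ANYSTRING:s0:@"),
]

def match(pattern, msg):
    """Return the extracted name/value pairs, or None if the pattern does not match."""
    values, i, pos = {}, 0, 0
    while i < len(pattern):
        if pattern[i] != "@" or pattern.startswith("@@", i):
            i += 2 if pattern[i] == "@" else 1      # "@@" is an escaped literal "@"
            if not msg.startswith(pattern[i - 1], pos):
                return None
            pos += 1
            continue
        end = pattern.index("@", i + 1)             # "@PARSER:name:param@"
        kind, name, *param = pattern[i + 1:end].split(":", 2)
        i = end + 1
        if kind == "ESTRING":                       # text up to the delimiter, which is consumed
            stop = msg.find(param[0], pos)
            if stop < 0:
                return None
            values[name], pos = msg[pos:stop], stop + len(param[0])
        elif kind == "ANYSTRING":                   # the rest of the message
            values[name], pos = msg[pos:], len(msg)
        else:
            raise ValueError("parser not modelled: " + kind)
    return values

def classify(program, msg):
    """Return (rule id, values) for the first matching pattern, else None."""
    if program != PROGRAM:
        return None
    for rule_id, pattern in RULES:
        values = match(pattern, msg)
        if values is not None:
            return rule_id, values
    return None

if __name__ == "__main__":
    for line in ("Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",  # constructed
                 "Failed password for invalid user bob from 192.0.2.66 port 41234 ssh2"):
        print(classify("sshd", line))
```

The second sample shows why rule 12 carries a separate "invalid user" pattern: against the plain "Failed" pattern, s1 would capture "invalid" and the following literal "from " would then fail to match.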