[syslog-ng] patterndb repository and best practices
Martin Holste
mcholste at gmail.com
Fri Nov 25 20:35:32 CET 2011
No registry that I know of. A while back I think there was some
discussion along these lines, but I don't know that anything official
ever got hammered out. Since ELSA uses PatternDB, I'm also very
interested in this direction, because if a standard were developed,
ELSA could be made to both produce and consume these patterns with
repository integration.
On Fri, Nov 25, 2011 at 12:55 PM, Evan Rempel <erempel at uvic.ca> wrote:
> We are preparing to leverage the patterndb functionality in a very big way.
> A few questions before I jump.
>
> 1. Is there a public repository of pattern databases?
>
> 2. Is there some registry for creating the unique IDs for rules and rule sets?
> For example, is there anything that prevents me from creating a rule with
> a duplicate rule ID that would result in an ID collision when merged
> with some other patterndb author?
>
> 3. Is there any registry for tag names, or key value pair names so that
> tags that I place on a message will be usable by other syslog-ng
> configuration filters?
>
> 4. Are there any best practices for tag names or key names to provide
> any kind of grouping? For example:
>
> user.name
> user.uid
> user.gid
> host.address.ipv4
> host.address.ipv6
> host.name
>
>
>
> Any pointers or discussion will be helpful because we are looking at producing
> a complete "artificial ignorance" infrastructure for our entire organization,
> from linux, research compute clusters, network gear, Windows hosts,
> web hosting, database services etc.
>
> Thanks for your time.
>
> Evan
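A pre-merge check for the ID collision raised in question 2, as an added example that is not part of the original thread: it scans patterndb XML for `id` attributes on `<ruleset>` and `<rule>` elements and reports any value used more than once. The file labels, providers, ids and patterns in the sample data are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample databases from two hypothetical authors; all ids are placeholders.
SITE_A = """<patterndb version='4' pub_date='2011-11-25'>
  <ruleset name='sshd' id='ruleset-a-1'>
    <pattern>sshd</pattern>
    <rules>
      <rule provider='site-a' id='rule-0001' class='system'>
        <patterns><pattern>Accepted password for @ESTRING:user.name: @</pattern></patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>"""

SITE_B = """<patterndb version='4' pub_date='2011-11-25'>
  <ruleset name='sudo' id='ruleset-b-1'>
    <pattern>sudo</pattern>
    <rules>
      <rule provider='site-b' id='rule-0001' class='system'>
        <patterns><pattern>session opened for user root</pattern></patterns>
      </rule>
      <rule provider='site-b' id='rule-0002' class='system'>
        <patterns><pattern>session closed for user root</pattern></patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>"""


def find_id_collisions(sources):
    """sources maps a label (e.g. file name) to patterndb XML text.

    Returns {(element, id): [labels]} for every id seen more than once,
    whether the repeats are in different files or inside the same file.
    """
    seen = defaultdict(list)
    for label, xml_text in sources.items():
        # Third-party pattern files are untrusted input; parse them with a
        # hardened parser such as defusedxml if they come from outside.
        root = ET.fromstring(xml_text)
        for tag in ("ruleset", "rule"):
            for element in root.iter(tag):
                element_id = element.get("id")
                if element_id:
                    seen[(tag, element_id)].append(label)
    return {key: labels for key, labels in seen.items() if len(labels) > 1}


if __name__ == "__main__":
    for (tag, dup), where in find_id_collisions({"site-a.xml": SITE_A, "site-b.xml": SITE_B}).items():
        print(f"duplicate {tag} id {dup!r} in: {', '.join(where)}")
```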