[syslog-ng] Problems with custom patterndb

Evan Rempel erempel at uvic.ca
Mon Nov 28 23:28:10 CET 2011


What you have is correct (I tested it on my parser database)
given that the message getting passed to the parser is

192.168.107.132:12260 -> 207.44.101.104:12260 to 48.70.67.223:940

So it really depends on whether this message is coming from a real syslog source
or from a "no_parse" source.

Evan.

Clements, Frank wrote:
> Hello Everyone!
> 
> I've been trying to get some custom patterns put together to do some log 
> correlation and I'm having one hell of a time getting a working 
> pattern.  I think I need a second, third, fourth set of eyes on this ... 
> Any help is appreciated!
> 
> Message: Nov 25 12:02:27 GENERATED NAT-UDP-C: 192.168.107.132:12260 -> 
> 207.44.101.104:12260 to 48.70.67.223:940
> Pattern: @IPvANY:.dict.insideAddr@:@NUMBER:.dict.insidePort@ -> 
> @IPvANY:.dict.outsideAddr@:@NUMBER:.dict.outsidePort@ to 
> @IPvANY:.dict.destAddr@:@NUMBER:.dict.destPort@
> 
> I've looked at a few examples from the community patterns, but nothing 
> in this stands out as being "wrong".
> 
> Thanks
> 
> -
> Frank W Clements


-- 
Evan Rempel                               erempel at uvic.ca
Senior Systems Administrator                 250.721.7691
Unix Services, University Systems, University of Victoria
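
Added example, not part of the original post and not syslog-ng code: a Python illustration of the point in the reply above, showing what lands in ${MESSAGE} for a parsed source versus a `no_parse` source and why the same pattern only matches the former. The regexes are assumed stand-ins for `@IPvANY@` and `@NUMBER@` (IPv4 and decimal only), and the helper names are hypothetical.

```python
import re

# Regex stand-ins for the patterndb parsers in the thread (assumption:
# IPv4 and decimal only; the real @IPvANY@ also accepts IPv6).
_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
_NUM = r"\d+"

# The pattern from the thread, translated parser by parser. Group names drop
# the ".dict." prefix because Python group names cannot contain dots.
PATTERN = re.compile(
    rf"(?P<insideAddr>{_IP}):(?P<insidePort>{_NUM}) -> "
    rf"(?P<outsideAddr>{_IP}):(?P<outsidePort>{_NUM}) to "
    rf"(?P<destAddr>{_IP}):(?P<destPort>{_NUM})"
)

# BSD syslog header: timestamp, host, program with optional [pid], then ": ".
HEADER = re.compile(
    r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ [^\s:\[]+(?:\[\d+\])?: "
)

# The message from the thread, with the mail client's line wrap undone.
RAW = ("Nov 25 12:02:27 GENERATED NAT-UDP-C: 192.168.107.132:12260 -> "
       "207.44.101.104:12260 to 48.70.67.223:940")


def message_field(raw, no_parse):
    """Return what the pattern is matched against.

    A parsed source strips the header into its own fields; a no_parse
    source leaves the whole line, header included, in the message.
    """
    if no_parse:
        return raw
    header = HEADER.match(raw)
    return raw[header.end():] if header else raw


def classify(raw, no_parse):
    """Match from the first character of the message, as patterndb does."""
    hit = PATTERN.fullmatch(message_field(raw, no_parse))
    return hit.groupdict() if hit else None


if __name__ == "__main__":
    print("parsed  :", classify(RAW, no_parse=False))
    print("no_parse:", classify(RAW, no_parse=True))
```
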

