No subject
Wed Apr 4 22:31:46 CEST 2012
<ruleset name="junos" id='1001'>
  <rules>
    <rule provider="ELSA" class='1001' id='1001'>
      <patterns>
        <pattern>RT_FLOW_SESSION_CLOSE: session closed @STRING:s0: @: @IPv4:i0:@/@NUMBER:i4:@->@IPv4:i1:@/@NUMBER:i2:@ @STRING:s2:-@ @IPv4::@/@NUMBER::@->@IPv4::@/@NUMBER::@ @STRING::@ @STRING:s1:@ @NUMBER:i3:@</pattern>
      </patterns>
      <examples>
        <example>
          <test_message program="">RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.196.0.15/25668->81.45.8.13/80 junos-http 212.31.40.37/14243->81.45.8.13/80 r1 None 6 Navegacion_temporal trust untrust 54117 8(1426) 7(903) 2</test_message>
          <test_values>
            <test_value name="i0">10.196.0.15</test_value>
            <test_value name="i1">81.45.8.13</test_value>
            <test_value name="i2">80</test_value>
            <test_value name="i3">6</test_value>
            <test_value name="i4">25668</test_value>
            <test_value name="s0">TCP FIN</test_value>
            <test_value name="s1">None</test_value>
            <test_value name="s2">junos-http</test_value>
          </test_values>
        </example>
      </examples>
    </rule>
  </rules>
</ruleset>

On Fri, Apr 27, 2012 at 12:39 PM, Rob Cameron <rwcameron at gmail.com> wrote:
> Team syslog-ng,
>
> I am attempting to write a parser to break apart a structured syslog message
> and break it into values that I will ultimately forward to MongoDB. I am
> unable to get the parsing to work. Below is a link to my parser database
> file and I have built in a simple test case. If someone could assist me by
> matching at least one field of the test log found in my example PDB I would
> be most appreciative for the help. I will also contribute my PDB back to the
> community.
>
> https://github.com/RobWC/syslog-ng-SRX/blob/master/junos-sme-12.1.pdb
>
> Thanks again for your help.
>
> --
> Rob
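
The following is an added example, not part of the original messages and not syslog-ng code: it approximates the three parser types this rule uses (@STRING@, @IPv4@, @NUMBER@) with regular expressions so the rule's pattern can be checked against its own test_message and test_values. Assumptions: the pattern is anchored at the start of the message and the unparsed tail is ignored, as the rule's example implies; the names `to_regex` and `extract` are hypothetical helpers.

```python
import re

# The rule's pattern from this page, with the mail-wrapped lines rejoined by spaces.
PATTERN = ("RT_FLOW_SESSION_CLOSE: session closed @STRING:s0: @: "
           "@IPv4:i0:@/@NUMBER:i4:@->@IPv4:i1:@/@NUMBER:i2:@ @STRING:s2:-@ "
           "@IPv4::@/@NUMBER::@->@IPv4::@/@NUMBER::@ @STRING::@ @STRING:s1:@ "
           "@NUMBER:i3:@")
# The rule's test_message and test_values, copied from the page.
MESSAGE = ("RT_FLOW_SESSION_CLOSE: session closed TCP FIN: "
           "10.196.0.15/25668->81.45.8.13/80 junos-http "
           "212.31.40.37/14243->81.45.8.13/80 r1 None 6 Navegacion_temporal "
           "trust untrust 54117 8(1426) 7(903) 2")
EXPECTED = {"i0": "10.196.0.15", "i1": "81.45.8.13", "i2": "80", "i3": "6",
            "i4": "25668", "s0": "TCP FIN", "s1": "None", "s2": "junos-http"}

OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
# @TYPE:name:extra@ ; an empty name means "parse but do not store".
PARSER = re.compile(r"@(STRING|IPv4|NUMBER):([^:@]*):([^@]*)@")

def to_regex(pattern):
    """Translate the three parser types used by this rule into one regex."""
    out, pos = [], 0
    for m in PARSER.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))   # literal text between parsers
        kind, name, extra = m.groups()
        if kind == "STRING":      # alphanumerics plus the listed extra characters
            body = "[A-Za-z0-9%s]+" % re.escape(extra)
        elif kind == "NUMBER":
            body = r"\d+"
        else:                     # IPv4 dotted quad
            body = r"%s(?:\.%s){3}" % (OCTET, OCTET)
        out.append("(?P<%s>%s)" % (name, body) if name else "(?:%s)" % body)
        pos = m.end()
    out.append(re.escape(pattern[pos:]))
    return re.compile("".join(out))

def extract(pattern, message):
    """Return {name: value} for the named parsers, or None when nothing matches."""
    m = to_regex(pattern).match(message)
    return m.groupdict() if m else None

if __name__ == "__main__":
    got = extract(PATTERN, MESSAGE)
    for name in sorted(EXPECTED):
        print(name, repr(got[name]), "ok" if got[name] == EXPECTED[name] else "MISMATCH")
    # A line break left inside the pattern by mail wrapping is literal text
    # in this model and no longer matches the single space in the log line.
    wrapped = PATTERN.replace("@: @IPv4:i0", "@:\n@IPv4:i0")
    print("wrapped pattern matches:", extract(wrapped, MESSAGE) is not None)
```
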