[syslog-ng] [Bug 216] New: 3.4.0rc1 LLADDR parser does not work

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Tue Jan 15 22:45:26 CET 2013 

https://bugzilla.balabit.com/show_bug.cgi?id=216

           Summary: 3.4.0rc1 LLADDR parser does not work
           Product: syslog-ng
           Version: 3.4.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: erempel at uvic.ca
Type of the Report: ---
   Estimated Hours: 0.0


IT does not matter if I use @LLADDR@, @LLADDR:mac@, @LLADDR:mac:6@ or @LLADDR::6@ I get the same results

On syslog-ng 3.3.7 (with a patch to get the LLADDR parser) I get

% /usr/local/bin/pdbtool test --validate ./pattern.xml 
./pattern.xml validates
Testing message program='dhcpd' message='DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253'

On syslog-ng 3.4.0rc1

% /usr/local/bin/pdbtool test --validate ~/pattern.xml
/home1l/erempel/pattern.xml validates
Testing message program='dhcpd' message='DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253'
 Wrong match name='.classifier.rule_id', value='', expected='18c8c7bf-977d-4495-ab73-8692f9bfb0f2'
 Wrong match name='ip', value='', expected='142.104.103.253'
 Wrong match name='mac', value='', expected='e8:3e:b6:95:b2:38'
 Wrong match name='name', value='', expected='BLACKBERRY-27BD'


With a minimal pattern.xml

<patterndb version="4" pub_date="2009-09-01">
   <ruleset name="dhcpd" id="RS-4d2abc9e-ae62-4dff-a87d-501503ed1360">
      <pattern>dhcpd</pattern>
      <rules>
         <rule id="18c8c7bf-977d-4495-ab73-8692f9bfb0f2" class="dhcpd" provider="UVic">
            <patterns>
               <pattern>DHCPDISCOVER from @LLADDR:mac:6@ @QSTRING:name:()@ via @IPv4:ip@</pattern>
            </patterns>
            <tags>
               <tag>ignore</tag>
            </tags>
            <values>
               <value name="AUTHPROGRAM">dhcpd</value>
            </values>
            <examples>
               <example>
                  <test_message program="dhcpd">DHCPDISCOVER from e8:3e:b6:95:b2:38 (BLACKBERRY-27BD) via 142.104.103.253</test_message>
                  <test_values>
                     <test_value name="ip">142.104.103.253</test_value>
                     <test_value name="mac">e8:3e:b6:95:b2:38</test_value>
                     <test_value name="name">BLACKBERRY-27BD</test_value>
                  </test_values>
               </example>
            </examples>
         </rule>
      </rules>
   </ruleset>
</patterndb>


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the syslog-ng mailing list