[syslog-ng] PatternDB program name pattern - invalid characters
Gergely Nagy
algernon at balabit.hu
Fri Jan 18 12:56:54 CET 2013
Evan Rempel <erempel at uvic.ca> writes:
> /tmp/mksysdb.4256.xml:12069: element rule: Schemas validity error :
> Element 'rule', attribute 'class': [facet 'pattern'] The value '%ASA'
> is not accepted by the pattern '[\-a-zA-Z0-9_\.]+'.
>
> I have been bitten once again by the limitation of the program name
> pattern in the patterndb.
>
> Can this character set limitation just be removed?
Personally, I'd just remove it. The restriction does not help syslog-ng,
we'd be fine with any value whatsoever. But back in October when the
dash was added to the regexp, Bazsi commented (in #203[1]) that to him,
it makes sense to have a regexp, and not allow arbitrary strings.
[1]: https://bugzilla.balabit.com/show_bug.cgi?id=203#c2
As a compromise, I can add % to the regexp aswell, and any other
character you may find in cisco/symantec/vmware logs (just tell me which
these are, I use neither of those products).
In the long run though, I'd like to understand why a restriction is
useful in this case, and if it turns out not to be, remove it
altogether.
> If you really want to keep it, can the valid set be made very
> inclusive.
What would you consider sufficiently inclusive? Would something like
"[\-a-zA-Z0-9_\.%@!^/\+:]+" work? (%, @, !, ^, /, + and : added).
--
|8]
More information about the syslog-ng
mailing list