[syslog-ng] patterndb and log analysis

Matt Zagrabelny mzagrabe at d.umn.edu
Tue Jun 25 18:13:17 CEST 2013


On Tue, Jun 18, 2013 at 11:54 AM, Jakub Jankowski <shasta at toxcorp.com> wrote:
> On 2013-06-18, Matt Zagrabelny wrote:
>
>> I just cloned the git://git.balabit.hu/bazsi/syslog-ng-patterndb.git
>> and it looks like the project has not seen much activity since 2010.
>> Are people still using patterndb? Do the patterns not change much and
>> that is the reason that the git database has not changed much?
>
> https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/

Thanks, Jakub!

I've cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin
PDF states that:

"13.2.2. Downloading sample pattern databases
Sample pattern databases are available at the BalaBit Download page.
Note that even though these pattern databases contain over 8000 rules
for more than 200 applications and devices, they are only samples and
experimental databases that are not officially supported and may or may
not work in your environment."

I only see a small number of applications and a correspondingly small
number of rules (compared to 200/8000). Is there a larger database of
rules out there?

Is there a preferred file extension between .xml and .pdb?

Thanks,

-mz

> HTH
>
> --
> Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D

