[syslog-ng] patterndb and log analysis

Balazs Scheidler bazsi77 at gmail.com
Wed Jun 26 06:08:38 CEST 2013


There was a larger database that was converted from logcheck regexps, but that was only useful for classification and not for extracting fields from log messages.

Here's the link

http://www.balabit.com/downloads/files/patterndb-snapshot/patterndb-20091209.zip

On Jun 25, 2013 6:13 PM, "Matt Zagrabelny" <mzagrabe at d.umn.edu> wrote:

> On Tue, Jun 18, 2013 at 11:54 AM, Jakub Jankowski <shasta at toxcorp.com> wrote:
> > On 2013-06-18, Matt Zagrabelny wrote:
> >
> >> I just cloned the git://git.balabit.hu/bazsi/syslog-ng-patterndb.git
> >> and it looks like the project has not seen much activity since 2010.
> >> Are people still using patterndb? Do the patterns not change much and
> >> that is the reason that the git database has not changed much?
> >
> >
> > https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/
>
> Thanks, Jakub!
>
> I've cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin
> PDF states that:
>
> "13.2.2. Downloading sample pattern databases
> Sample pattern databases are available at the BalaBit Download page.
> Note that even though these pattern databases
> contain over 8000 rules for more than 200 applications and devices,
> they are only samples and experimental databases
> that are not officially supported and may or may not work in your
> environment."
>
> I only see a small number of applications and correspondingly small
> number of rules (compared to 200/8000). Is there a larger database of
> rules out there?
>
> Is there a preferred file extension between .xml and .pdb?
>
> Thanks,
>
> -mz
>
> > HTH
> >
> > --
> > Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> > GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
>
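The distinction drawn above, between a database that can only classify a message and one that extracts fields from it, comes down to what a rule's `<pattern>` contains: literal text converted from a logcheck regexp can only say "this message belongs to class X", while a pattern built from patterndb's `@PARSER:name@` placeholders also yields named fields. The following is an added example, not syslog-ng's code and not taken from any of the pattern databases mentioned in this thread: a small Python re-implementation of a subset of the patterndb pattern syntax (`@ESTRING@`, `@NUMBER@`, `@STRING@`, `@ANYSTRING@`, `@IPv4@`, plus `@@` escaping) on top of regular expressions, run over a constructed two-rule database and two constructed sshd messages. The XML, rule ids, field names and log lines are all made up for the example; the real patterndb matcher uses a radix tree, supports many more parsers, and selects the most specific rule rather than the first match as this toy does.

```python
"""Toy patterndb-style matcher: classification-only vs field-extracting rules.

Added example, not syslog-ng's own code. Supports only a subset of the
patterndb pattern syntax and translates it to Python regexes; real patterndb
matches with a radix tree and supports more parsers than the five used here.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample database (not a published ruleset). Two rules:
#   rule-literal-example : literal text only -> classification, no fields
#   rule-parser-example  : @PARSER@ placeholders -> classification + fields
SAMPLE_PATTERNDB = """<patterndb version="4" pub_date="2013-06-26">
  <ruleset name="sshd" id="ruleset-sshd-example">
    <pattern>sshd</pattern>
    <rules>
      <rule id="rule-literal-example" class="system">
        <patterns>
          <pattern>Server listening on 0.0.0.0 port 22.</pattern>
        </patterns>
      </rule>
      <rule id="rule-parser-example" class="security">
        <patterns>
          <pattern>Accepted @ESTRING:auth_method: @for @ESTRING:username: @from @IPv4:client_ip@ port @NUMBER:client_port@ ssh2</pattern>
        </patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>
"""

# "@@" is a literal "@"; otherwise @PARSER[:name[:param]]@ (name may be empty,
# e.g. "@ESTRING:: @" matches up to a space without storing the value).
TOKEN_RE = re.compile(r"@@|@(\w+)(?::([^:@]*)(?::([^@]*))?)?@")

# Regex bodies for parsers that need no parameter (ESTRING is handled apart,
# because its parameter is the delimiter that ends the field).
PARSER_REGEX = {
    "NUMBER": r"\d+",                          # real NUMBER also accepts 0x hex
    "STRING": r"\S+",                          # up to the next whitespace
    "ANYSTRING": r".*",                        # rest of the message
    "IPv4": r"(?:\d{1,3}\.){3}\d{1,3}",        # dotted quad, loosely validated
}


def compile_pattern(pattern):
    """Translate one patterndb pattern into (compiled regex, list of field names).

    Capturing groups are created only for named parsers, in order, so that
    match.groups() lines up with the returned name list.
    """
    parts, names, pos = [], [], 0
    for m in TOKEN_RE.finditer(pattern):
        parts.append(re.escape(pattern[pos:m.start()]))   # literal text between tokens
        pos = m.end()
        if m.group(0) == "@@":
            parts.append(re.escape("@"))
            continue
        kind, name, param = m.group(1), m.group(2) or "", m.group(3)
        if kind == "ESTRING":
            if not param:
                raise ValueError("ESTRING needs a delimiter: %s" % m.group(0))
            body, tail = ".*?", re.escape(param)   # field stops at, and consumes, the delimiter
        elif kind in PARSER_REGEX:
            body, tail = PARSER_REGEX[kind], ""
        else:
            raise ValueError("unsupported parser @%s@" % kind)
        if name:
            names.append(name)
            parts.append("(" + body + ")" + tail)
        else:
            parts.append("(?:" + body + ")" + tail)
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts)), names


def load_rules(xml_text):
    """Flatten a patterndb XML document into (programs, class, rule_id, regex, names) tuples."""
    rules = []
    for ruleset in ET.fromstring(xml_text).iter("ruleset"):
        programs = [p.text for p in ruleset.findall("pattern")]   # $PROGRAM values this ruleset applies to
        for rule in ruleset.iter("rule"):
            for pat in rule.iter("pattern"):
                regex, names = compile_pattern(pat.text)
                rules.append((programs, rule.get("class"), rule.get("id"), regex, names))
    return rules


def classify(rules, program, message):
    """Return {'class', 'rule_id', 'fields'} for the first rule matching the whole message, else None.

    Like patterndb, a pattern has to match the entire message, not just a prefix.
    """
    for programs, cls, rule_id, regex, names in rules:
        if program not in programs:
            continue
        m = regex.fullmatch(message)
        if m:
            return {"class": cls, "rule_id": rule_id, "fields": dict(zip(names, m.groups()))}
    return None


RULES = load_rules(SAMPLE_PATTERNDB)

if __name__ == "__main__":
    # Constructed sshd messages (192.0.2.10 is a documentation address).
    for msg in ("Server listening on 0.0.0.0 port 22.",
                "Accepted publickey for alice from 192.0.2.10 port 51234 ssh2"):
        print(msg, "->", classify(RULES, "sshd", msg))
```

The first message hits the literal rule and comes back with a class but an empty `fields` dict, which is all a logcheck-converted rule can give you; the second hits the parser rule and yields `auth_method`, `username`, `client_ip` and `client_port` as separate values that a downstream filter or SIEM can key on.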