[syslog-ng] patterndb and log analysis
bazsi77 at gmail.com
Wed Jun 26 06:08:38 CEST 2013
There was a larger database that was converted from logcheck regexps, but
that was only useful for classification and not to extract fields from log
Here's the link
On Jun 25, 2013 6:13 PM, "Matt Zagrabelny" <mzagrabe at d.umn.edu> wrote:
> On Tue, Jun 18, 2013 at 11:54 AM, Jakub Jankowski <shasta at toxcorp.com>
> > On 2013-06-18, Matt Zagrabelny wrote:
> >> I just cloned the git://git.balabit.hu/bazsi/syslog-ng-patterndb.git
> >> and it looks like the project has not seen much activity since 2010.
> >> Are people still using patterndb? Do the patterns not change much and
> >> that is the reason that the git database has not changed much?
> Thanks, Jakub!
> I've cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin
> PDF states that:
> "13.2.2. Downloading sample pattern databases
> Sample pattern databases are available at the BalaBit Download page.
> Note that even though these pattern databases
> contain over 8000 rules for more than 200 applications and devices,
> they are only samples and experimental databases
> that are not officially supported and may or may not work in your
> I only see a small number of applications and correspondingly small
> number of rules (compared to 200/8000). Is there a larger database of
> rules out there?
> Is there a preferred file extension between .xml and .pdb?
> > HTH
> > --
> > Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> > GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
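As an added illustration of the distinction made at the top of this message (a pattern that only classifies a log line versus one that also extracts fields), here is a small hand-written patterndb version 4 file with two sshd rules. It is not part of the original thread or of the BalaBit sample databases; the ruleset and rule ids are placeholders, and the sshd message layouts are assumed from common OpenSSH output.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example, not from the syslog-ng-patterndb repository.
     Replace the placeholder ids with unique ids (UUIDs) before use. -->
<patterndb version="4" pub_date="2013-06-26">
  <!-- the ruleset applies to messages whose PROGRAM field is "sshd" -->
  <ruleset name="sshd-example" id="RULESET-ID-PLACEHOLDER">
    <pattern>sshd</pattern>
    <rules>
      <!-- 1. Classification only. The literal prefix plus an unnamed
              ANYSTRING parser tells you "this is a failed login for an
              unknown account", but no name-value pairs are produced. -->
      <rule provider="example" id="RULE-ID-PLACEHOLDER-1" class="violation">
        <patterns>
          <pattern>Failed password for invalid user @ANYSTRING::@</pattern>
        </patterns>
        <tags>
          <tag>usracct</tag>
        </tags>
      </rule>
      <!-- 2. Classification plus field extraction. Each named parser
              becomes a macro (usracct.username, usracct.device, ...)
              that filters, templates and destinations can use. ESTRING
              consumes text up to and including the given delimiter. -->
      <rule provider="example" id="RULE-ID-PLACEHOLDER-2" class="system">
        <patterns>
          <pattern>Accepted @ESTRING:usracct.authmethod: @for @ESTRING:usracct.username: @from @ESTRING:usracct.device: @port @NUMBER:usracct.port@ ssh2</pattern>
        </patterns>
        <tags>
          <tag>usracct</tag>
        </tags>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

The second rule can be checked offline with pdbtool, for example `pdbtool match -p sshd-example.xml -P sshd -M 'Accepted password for root from 10.0.0.1 port 22 ssh2'`, which prints the matched rule id together with the extracted usracct.* values; the same command against a "Failed password for invalid user ..." line reports only the rule id and class.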