[syslog-ng] pdbtool 'patternize'

Péter Gyöngyösi gyp at balabit.hu
Wed Apr 16 12:12:46 CEST 2014


Hi David,

Robert is right, the pattern version is hardcoded. Taking a glimpse at the
patterndb v3 and v4 XSDs I think the update should indeed be trivial, the
format is upwards compatible. I'll send a pull request for this change in a
minute.

Regarding the formatting: it uses the parsing mechanism of syslog-ng
internally. It works just as if you specified a file() source for syslog-ng
with flags(syslog-protocol) added. You can also give "--no-parse" for the
tool which makes it parse logs just like a file() source with
flags(no-parse). It wouldn't be too complicated to make it possible to use
all available file source flags but I never got around to doing it.

cheers,
Peter





On Wed, Apr 16, 2014 at 1:40 AM, David Hauck <davidh at netacquire.com> wrote:

> Hello,
>
> Does anyone have an explanation for why a "pdbtool patternize" generated
> pattern db indicates it is version '3'? I'm running the latest version of
> syslog-ng (3.5.4.1) so I was expecting that this would produce a version
> '4' pattern db. Easy enough to change in the generated XML, just wondering
> why the latest generator wouldn't create the latest version.
>
> Also, what is the nominal format for the log messages that the
> 'patternize' command is able to process (i.e., would this be logs that
> contain the nominally formatted syslog-ng output - e.g., via the default
> template: template("$ISODATE $HOST $MSGHDR$MSG\n");). I've seen some output
> that appears to suggest there's some nominal decoding of the input log
> messages.
>
> Thanks,
> -David
>