[syslog-ng] Error in pattern ?

Thanh Dat dat.tt at netnam.vn
Mon Aug 10 06:33:13 CEST 2015


Jul 25 23:59:59 aitsSendingGW1 postfix/smtpd[27832]: C35CF1FEDC: client=localhost[127.0.0.1]
Jul 25 23:59:59 aitsSendingGW1 postfix/cleanup[28254]: C35CF1FEDC: message-id=<1.7e094e72657c1feb21ed at EnewLetter>
Jul 26 00:00:01 aitsSendingGW1 postfix/qmgr[11346]: C35CF1FEDC: from=<noreply at vietnamairlines.com>, size=18383, nrcpt=1 (queue active)
Jul 26 00:00:03 aitsSendingGW1 postfix/smtp[28422]: C35CF1FEDC: to=<hoangnguyen140288 at gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.23.26]:25, delay=4.7, delays=2.7/0/1.2/0.83, dsn=2.0.0, status=sent (250 2.0.0 OK 1437843602 zl8si30056451pac.150 - gsmtp)
Jul 26 00:00:03 aitsSendingGW1 postfix/qmgr[11346]: C35CF1FEDC: removed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: postfix.xml
Type: text/xml
Size: 7284 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150810/ec983c60/attachment-0001.bin 
-------------- next part --------------
[2015-08-10T10:13:58.420674] Incoming log entry; line='Jul 25 23:59:59 aitsSendingGW1 postfix/smtpd[27832]: C35CF1FEDC: client=localhost[127.0.0.1]'
[2015-08-10T10:13:58.420990] patterndb rule matches; rule_id='a649fca8-3916-2444-5238-7495cb64bf76'
[2015-08-10T10:13:58.421045] Advancing patterndb current time because of an incoming message; utc='1437843599'
[2015-08-10T10:13:58.421084] Correllation context lookup failure, starting a new context; rule='a649fca8-3916-2444-5238-7495cb64bf76', context='C35CF1FEDC', context_timeout='0', context_expiration='1437843599'
[2015-08-10T10:13:58.421124] Message parsing complete; result='1'
[2015-08-10T10:13:58.421142] Filter rule evaluation begins; rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.421166] Filter node evaluation result; result='not-match'
[2015-08-10T10:13:58.421206] Filter rule evaluation result; result='not-match', rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.421245] Incoming log entry; line='Jul 25 23:59:59 aitsSendingGW1 postfix/cleanup[28254]: C35CF1FEDC: message-id=<1.7e094e72657c1feb21ed at EnewLetter>'
[2015-08-10T10:13:58.421299] patterndb rule matches; rule_id='a249fca8-3916-2444-5238-7495cb64bf76'
[2015-08-10T10:13:58.421331] Advancing patterndb current time because of an incoming message; utc='1437843599'
[2015-08-10T10:13:58.421360] Correllation context lookup successful; rule='a249fca8-3916-2444-5238-7495cb64bf76', context='C35CF1FEDC', context_timeout='0', context_expiration='1437843599', num_messages='1'
[2015-08-10T10:13:58.421393] Message parsing complete; result='1'
[2015-08-10T10:13:58.421414] Filter rule evaluation begins; rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.421430] Filter node evaluation result; result='not-match'
[2015-08-10T10:13:58.421447] Filter rule evaluation result; result='not-match', rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.421473] Incoming log entry; line='Jul 26 00:00:01 aitsSendingGW1 postfix/qmgr[11346]: C35CF1FEDC: from=<noreply at vietnamairlines.com>, size=18383, nrcpt=1 (queue active)'
[2015-08-10T10:13:58.421532] patterndb rule matches; rule_id='bbbbbbbb-3916-2444-5238-7495cb64bf76'
[2015-08-10T10:13:58.421567] Expiring patterndb correllation context; last_rule='a249fca8-3916-2444-5238-7495cb64bf76', utc='1437843599'
[2015-08-10T10:13:58.421617] Advancing patterndb current time because of an incoming message; utc='1437843601'
[2015-08-10T10:13:58.421653] Correllation context lookup failure, starting a new context; rule='bbbbbbbb-3916-2444-5238-7495cb64bf76', context='C35CF1FEDC', context_timeout='0', context_expiration='1437843601'
[2015-08-10T10:13:58.421687] Message parsing complete; result='1'
[2015-08-10T10:13:58.421788] Filter rule evaluation begins; rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.421813] Filter node evaluation result; result='not-match'
[2015-08-10T10:13:58.421835] Filter rule evaluation result; result='not-match', rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.421867] Incoming log entry; line='Jul 26 00:00:03 aitsSendingGW1 postfix/smtp[28422]: C35CF1FEDC: to=<hoangnguyen140288 at gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.23.26]:25, delay=4.7, delays=2.7/0/1.2/0.83, dsn=2.0.0, status=sent (250 2.0.0 OK 1437843602 zl8si30056451pac.150 - gsmtp)'
[2015-08-10T10:13:58.421956] patterndb rule matches; rule_id='39289650-0787-7b4f-a52d-c047d600de3f'
[2015-08-10T10:13:58.421999] Expiring patterndb correllation context; last_rule='bbbbbbbb-3916-2444-5238-7495cb64bf76', utc='1437843601'
[2015-08-10T10:13:58.422029] Advancing patterndb current time because of an incoming message; utc='1437843603'
[2015-08-10T10:13:58.422059] Correllation context lookup failure, starting a new context; rule='39289650-0787-7b4f-a52d-c047d600de3f', context='C35CF1FEDC', context_timeout='0', context_expiration='1437843603'
[2015-08-10T10:13:58.422091] Message parsing complete; result='1'
[2015-08-10T10:13:58.422111] Filter rule evaluation begins; rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.422131] Filter node evaluation result; result='not-match'
[2015-08-10T10:13:58.422151] Filter rule evaluation result; result='not-match', rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.422196] Incoming log entry; line='Jul 26 00:00:03 aitsSendingGW1 postfix/qmgr[11346]: C35CF1FEDC: removed'
[2015-08-10T10:13:58.422240] patterndb rule matches; rule_id='aaaaaaaa-3946-2444-5238-7495cb64bf76'
[2015-08-10T10:13:58.422268] Advancing patterndb current time because of an incoming message; utc='1437843603'
[2015-08-10T10:13:58.422296] Correllation context lookup successful; rule='aaaaaaaa-3946-2444-5238-7495cb64bf76', context='C35CF1FEDC', context_timeout='0', context_expiration='1437843603', num_messages='1'
[2015-08-10T10:13:58.422350] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422378] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422397] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422416] Filter node evaluation result; result='match', type='CMP'
[2015-08-10T10:13:58.422441] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422459] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422477] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422495] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422511] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422533] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422554] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422572] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422589] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422607] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422622] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422643] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422662] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422678] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422730] Filter node evaluation result; result='match', type='CMP'
[2015-08-10T10:13:58.422760] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422781] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422801] Filter node evaluation result; result='match', type='CMP'
[2015-08-10T10:13:58.422819] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422836] Filter node evaluation result; result='not-match', type='CMP'
[2015-08-10T10:13:58.422874] Filter rule evaluation begins; rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.422896] Filter node evaluation result; result='match'
[2015-08-10T10:13:58.422916] Filter rule evaluation result; result='match', rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.423024] Initializing destination file writer; template='/var/log/postfix', filename='/var/log/postfix'
[2015-08-10T10:13:58.423355] db-parser: emitting synthetic message; msg='queueid=C35CF1FEDC mail_from= mail_to=hoangnguyen140288 at gmail.com connection_from_host= connection_from_ip= msgid= nrcpt= status=sent status_msg=250 2.0.0 OK 1437843602 zl8si30056451pac.150 - gsmtp'
[2015-08-10T10:13:58.423397] Message parsing complete; result='1'
[2015-08-10T10:13:58.423418] Filter rule evaluation begins; rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.423434] Filter node evaluation result; result='not-match'
[2015-08-10T10:13:58.423453] Filter rule evaluation result; result='not-match', rule='f_triggers', location='/etc/syslog-ng/syslog-ng.conf:78:20'
[2015-08-10T10:13:58.423745] Outgoing message; message='Jul 26 00:00:03 aitsSendingGW1 postfix/qmgr[11346]: queueid=C35CF1FEDC mail_from= mail_to=hoangnguyen140288 at gmail.com connection_from_host= connection_from_ip= msgid= nrcpt= status=sent status_msg=250 2.0.0 OK 1437843602 zl8si30056451pac.150 - gsmtp\x0a'
[2015-08-10T10:13:58.533080] Advancing patterndb current time because of timer tick; utc='1'
[2015-08-10T10:13:59.533440] Advancing patterndb current time because of timer tick; utc='2'
[2015-08-10T10:13:59.533499] Expiring patterndb correllation context; last_rule='aaaaaaaa-3946-2444-5238-7495cb64bf76', utc='1437843603'

