[syslog-ng] Error in pattern ?
Scheidler, Balázs
balazs.scheidler at balabit.com
Mon Aug 10 06:54:03 CEST 2015
The rule has a context-timeout attribute that specifies how long an entry
is kept in the correlation state.
Yours specify zero, thus syslog-ng expires the entry as soon as the
timestamp changes.
On Aug 10, 2015 06:33, "Thanh Dat" <dat.tt at netnam.vn> wrote:
> Dear all syslog-ng expert,
>
> I have a pattern to combine multiple lines of postfix into a single entry.
> However, it does not work correctly. As I run syslog-ng -Fvde, I found out
> the reason is its context always expire after "from" log and "message-id"
> log which I don't know why. For example:
> [2015-08-10T10:13:58.421999] Expiring patterndb correllation context;
> last_rule='bbbbbbbb-3916-2444-5238-7495cb64bf76', utc='1437843601'
>
> I send you my debug output, patterndb and my log sample.
> Please help me.
> Thank you so much for your help.
>
> PS: Sorry for my bad English.
> --
>
> Best Regards.
>
> --
> Tang Thanh Dat (Mr.) | System Administration Department
> NETNAM CORPORATION
> 18 Hoang Quoc Viet, Cau Giay, Hanoi,Vietnam
> (T)+84-4-37562227, (F)+84-4-37 561 888, (M)+84-(0)-9 32336692
> (E) dat.tt at netnam.vn (W) www.netnam.vn
> --
> NetNam - one of the best ISPs and Solutions Providers in Vietnam,
> specialized in corporate networks, managed services & security solutions.
> --
> Your Net, We Care!
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150810/cbbf0a99/attachment.htm
More information about the syslog-ng
mailing list