[syslog-ng] Create Pattern-DB rules
Justin Kala
justinkala at gmail.com
Thu Sep 24 04:28:11 CEST 2015
Is 3.5.6 OSE still the latest stable version, or is there anything higher?
On Sun, Nov 2, 2014 at 2:26 AM, Balazs Scheidler <bazsi77 at gmail.com> wrote:
> You can always use pdbtool match to debug and match messages against a
> patterndb database.
>
> It even colorizes the output to show how far a message matched.
> On Oct 3, 2014 10:35 AM, "Fabien Wernli" <wernli at in2p3.fr> wrote:
>
>> Hi Justin,
>>
>> First things first, your patterndb file doesn't validate.
>> You should always test and validate the files using
>> `pdbtool test --validate <file.pdb>`. You have to put the text of your
>> example in a `<test_message>` element, without forgetting the `program`:
>>
>> <examples>
>> <example>
>> <test_message program="sshd">Failed password for kaladhar from 127.0.1.1 port 44637 ssh2</test_message>
>> </example>
>> </examples>
>>
>> Now this probably doesn't explain why the parser doesn't match your
>> messages.
>>
>> On Thu, Oct 02, 2014 at 04:31:38PM -0400, Justin Kala wrote:
>> > cat messagesAuth.2014.10.02.16
>> > unknown|unknown|
>>
>> this means your message correctly made it to the pattern parser, but
>> didn't match any rule.
>> What I can suggest is to run syslog-ng in the foreground, using
>> `syslog-ng -Fvd` so you'll also get debugging information. Please post
>> the relevant info from the output, if you don't figure it out by yourself.
>>
>> Cheers
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>
--
Kaladhar
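The workflow the replies above describe (put the sample line in a `<test_message>` with its `program`, run `pdbtool test --validate`, then `pdbtool match` with debugging output to see how far a pattern gets) as an added, runnable example. This is not code from the thread or from the syslog-ng project: the value names SSH_USER, SSH_CLIENT_IP and SSH_PORT, the ruleset and rule ids, the second "invalid user" pattern and its sample line are all made up here, and the pdbtool options are those of syslog-ng 3.x. The script writes the patterndb file and only calls pdbtool if it is installed.

```shell
#!/bin/sh
# Added example for this thread (not code from the original posts or from the
# syslog-ng project). It writes a minimal patterndb v4 ruleset for the sshd
# "Failed password" line quoted above, with the example inside <test_message>
# (program attribute included) and expected <test_values>, then, if pdbtool is
# installed, validates it, runs the embedded examples, and traces one match.
# Assumptions: the value names SSH_USER, SSH_CLIENT_IP and SSH_PORT, the rule
# and ruleset ids, and the "invalid user" variant are made up for this example;
# the pdbtool options used are those of syslog-ng 3.x.
set -eu

# write_pdb FILE: write the ruleset XML to FILE.
write_pdb() {
  cat > "$1" <<'EOF'
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='4' pub_date='2015-09-24'>
  <ruleset name='sshd-example' id='sshd-example-ruleset'>
    <!-- messages are routed to this ruleset by their program name -->
    <pattern>sshd</pattern>
    <rules>
      <rule provider='example' id='sshd-failed-password-1' class='violation'>
        <patterns>
          <!-- @ESTRING:name: @ consumes up to the next space, so it also
               accepts IPv6 client addresses; @NUMBER@ only matches digits -->
          <pattern>Failed password for @ESTRING:SSH_USER: @from @ESTRING:SSH_CLIENT_IP: @port @NUMBER:SSH_PORT@ ssh2</pattern>
          <!-- sshd prefixes unknown accounts with "invalid user"; without
               this second pattern SSH_USER would capture "invalid" and the
               match would stop at "user" -->
          <pattern>Failed password for invalid user @ESTRING:SSH_USER: @from @ESTRING:SSH_CLIENT_IP: @port @NUMBER:SSH_PORT@ ssh2</pattern>
        </patterns>
        <examples>
          <example>
            <test_message program='sshd'>Failed password for kaladhar from 127.0.1.1 port 44637 ssh2</test_message>
            <test_values>
              <test_value name='SSH_USER'>kaladhar</test_value>
              <test_value name='SSH_CLIENT_IP'>127.0.1.1</test_value>
              <test_value name='SSH_PORT'>44637</test_value>
            </test_values>
          </example>
          <example>
            <!-- constructed sample line, not taken from the thread -->
            <test_message program='sshd'>Failed password for invalid user admin from 192.0.2.10 port 50122 ssh2</test_message>
            <test_values>
              <test_value name='SSH_USER'>admin</test_value>
              <test_value name='SSH_CLIENT_IP'>192.0.2.10</test_value>
              <test_value name='SSH_PORT'>50122</test_value>
            </test_values>
          </example>
        </examples>
      </rule>
    </rules>
  </ruleset>
</patterndb>
EOF
}

# pdb_check FILE: validate FILE against the patterndb schema, run the
# embedded examples (pdbtool compares the parsed values with test_values),
# then trace one match. Requires pdbtool on PATH.
pdb_check() {
  pdbtool test --validate "$1"
  pdbtool test "$1"
  # -D prints how far each pattern got; --color-out highlights it on a tty
  pdbtool match -p "$1" -P sshd -D --color-out \
    -M 'Failed password for kaladhar from 127.0.1.1 port 44637 ssh2'
}

PDB_FILE="$(mktemp)"
write_pdb "$PDB_FILE"
if command -v pdbtool >/dev/null 2>&1; then
  pdb_check "$PDB_FILE"
else
  echo "pdbtool not found; wrote $PDB_FILE without checking it" >&2
fi
```

Run it on a host with syslog-ng installed; `pdbtool test` without `--validate` is the step that catches a pattern which validates against the schema but does not actually extract the values you expect, and `-D` on `pdbtool match` shows exactly where a non-matching message diverges from the pattern.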