[syslog-ng] Create Pattern-DB rules

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Sep 24 05:58:03 CEST 2015 

You can see the latest syslog-ng releases on syslog-ng github pages at:

github.com/balabit/syslog-ng

The latest is 3.7.1
On Sep 24, 2015 4:28 AM, "Justin Kala" <justinkala at gmail.com> wrote:

> Is 3.5.6 OSE still  the latest stable version or anything higher ??
>
> On Sun, Nov 2, 2014 at 2:26 AM, Balazs Scheidler <bazsi77 at gmail.com>
> wrote:
>
>> You can always use pdbtool match to debug and match messages against a
>> patterndb database.
>>
>> It even colorizes output how far a message matched.
>> On Oct 3, 2014 10:35 AM, "Fabien Wernli" <wernli at in2p3.fr> wrote:
>>
>>> Hi Justin,
>>>
>>> First things first, your patterndb file doesn't validate.
>>> You should always test and validate the files using
>>> `pdbtool test --validate <file.pdb>`. You have to put the text of your
>>> example in a `<test_message>` element, without forgetting the `program`:
>>>
>>>     <examples>
>>>       <example>
>>>         <test_message program="sshd">Failed password for kaladhar from
>>> 127.0.1.1 port 44637 ssh2</test_message>
>>>       </example>
>>>     </examples>
>>>
>>> Now this probably doesn't explain why the parser doesn't match your
>>> messages.
>>>
>>> On Thu, Oct 02, 2014 at 04:31:38PM -0400, Justin Kala wrote:
>>> > * cat messagesAuth.2014.10.02.16unknown|unknown|*
>>>
>>> this means your message correctly made it to the pattern parser, but
>>> didn't
>>> match any rule.
>>> What I can suggest, is to run syslog-ng in the foreground, using
>>> `syslog-ng
>>> -Fvd` so you'll also get debugging information. Please post the relevant
>>> info from the output, if you don't figure it out by yourself.
>>>
>>> Cheers
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
>
> --
> Kaladhar
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150924/1c06b2c6/attachment.htm

More information about the syslog-ng mailing list