[syslog-ng] Create Pattern-DB rules

Justin Kala justinkala at gmail.com
Thu Sep 24 16:31:41 CEST 2015


I don't see it as supporting Solaris 11.
Does 3.7 OSE support only till Solaris 10?

On Wed, Sep 23, 2015 at 11:58 PM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

> You can see the latest syslog-ng releases on syslog-ng github pages at:
>
> github.com/balabit/syslog-ng
>
> The latest is 3.7.1
> On Sep 24, 2015 4:28 AM, "Justin Kala" <justinkala at gmail.com> wrote:
>
>> Is 3.5.6 OSE still the latest stable version or anything higher?
>>
>> On Sun, Nov 2, 2014 at 2:26 AM, Balazs Scheidler <bazsi77 at gmail.com>
>> wrote:
>>
>>> You can always use pdbtool match to debug and match messages against a
>>> patterndb database.
>>>
>>> It even colorizes output how far a message matched.
>>> On Oct 3, 2014 10:35 AM, "Fabien Wernli" <wernli at in2p3.fr> wrote:
>>>
>>>> Hi Justin,
>>>>
>>>> First things first, your patterndb file doesn't validate.
>>>> You should always test and validate the files using
>>>> `pdbtool test --validate <file.pdb>`. You have to put the text of your
>>>> example in a `<test_message>` element, without forgetting the `program`:
>>>>
>>>>     <examples>
>>>>       <example>
>>>>         <test_message program="sshd">Failed password for kaladhar from 127.0.1.1 port 44637 ssh2</test_message>
>>>>       </example>
>>>>     </examples>
>>>>
>>>> Now this probably doesn't explain why the parser doesn't match your
>>>> messages.
>>>>
>>>> On Thu, Oct 02, 2014 at 04:31:38PM -0400, Justin Kala wrote:
>>>> > * cat messagesAuth.2014.10.02.16unknown|unknown|*
>>>>
>>>> this means your message correctly made it to the pattern parser, but
>>>> didn't match any rule.
>>>> What I can suggest, is to run syslog-ng in the foreground, using
>>>> `syslog-ng -Fvd` so you'll also get debugging information. Please post the
>>>> relevant info from the output, if you don't figure it out by yourself.
>>>>
>>>> Cheers
>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>
>>
>>
>> --
>> Kaladhar
>>
>>
>


-- 
Kaladhar
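
The advice quoted above says every patterndb example needs a `<test_message>` carrying the `program` attribute before `pdbtool test --validate` can exercise it. The following pre-check is an added example, not part of the thread or of syslog-ng; the sample database, its rule ids and its patterns are constructed for illustration, and `lint_patterndb` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample patterndb (not from the thread); ids are placeholders.
SAMPLE_PDB = """\
<patterndb version="4" pub_date="2015-09-24">
  <ruleset name="sshd" id="ruleset-placeholder-1">
    <pattern>sshd</pattern>
    <rules>
      <rule provider="example" id="rule-placeholder-1" class="violation">
        <patterns><pattern>Failed password for @ESTRING:usracct.username: @from @IPv4:source.ip@ port @NUMBER:source.port@ ssh2</pattern></patterns>
        <examples><example>
          <test_message program="sshd">Failed password for kaladhar from 127.0.1.1 port 44637 ssh2</test_message>
        </example></examples>
      </rule>
      <rule provider="example" id="rule-placeholder-2" class="system">
        <patterns><pattern>Accepted password for @ESTRING:usracct.username: @from @IPv4:source.ip@ port @NUMBER:source.port@ ssh2</pattern></patterns>
        <examples><example>
          <test_message>Accepted password for kaladhar from 127.0.1.1 port 44638 ssh2</test_message>
        </example></examples>
      </rule>
      <rule provider="example" id="rule-placeholder-3" class="system">
        <patterns><pattern>Connection closed by @IPv4:source.ip@</pattern></patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>
"""

def lint_patterndb(xml_text):
    """Return (rule_id, problem) pairs for rules whose examples cannot be tested."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("rule"):
        messages = rule.findall("examples/example/test_message")
        if not messages:
            # A rule without any example is never exercised by the test run.
            findings.append((rule.get("id"), "no test_message"))
        for msg in messages:
            if not msg.get("program"):
                findings.append((rule.get("id"), "test_message has no program"))
            if not (msg.text or "").strip():
                findings.append((rule.get("id"), "empty test_message"))
    return findings

if __name__ == "__main__":
    for rule_id, problem in lint_patterndb(SAMPLE_PDB):
        print(f"{rule_id}: {problem}")
```

This only checks that test cases are present and complete; whether a pattern actually matches its example is still decided by `pdbtool test --validate` and `pdbtool match`.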