[syslog-ng] Using patterndb in syslog-ng

Mitzki, András andras.mitzki at balabit.com
Wed Aug 31 14:02:11 CEST 2016


Hi Scot,

The issue you found seems valid. The GitHub project syslog-ng-patterndb
needs some updates to fix those warnings (Non-numeric correlation state ID
found).
As a quick workaround, you can add the missing "@" to the following
lines in the generated patterndb.xml. After that, syslog-ng should start
with that patterndb.xml.

install/var/patterndb.xml:209:          <value name='usracct.device'>${temp.su_username}@@${temp.su_tty}</value>
install/var/patterndb.xml:587:          <value name='usracct.device'>${temp.sudo_username}@@${temp.sudo_tty}</value>
install/var/patterndb.xml:616:          <value name='usracct.device'>${temp.sudo_username}@@${temp.sudo_tty}</value>
install/var/patterndb.xml:643:          <value name='usracct.device'>${temp.sudo_username}@@unknown</value>

Micek

On Wed, Aug 31, 2016 at 6:58 AM, Scot Needy <scotrn at gmail.com> wrote:

>
>
> Can someone point me in the right direction on how to use update-patterndb
> for syslog-ng?
>
> Downloaded current git syslog-ng-patterndb to /opt/syslog-ng/etc/patterndb.d/,
> but not sure how to load and test it.
>
> Am I doing something wrong?
>
>
> bin/pdbtool  merge -r --glob \*.pdb -D /opt/syslog-ng/etc/patterndb.d -p /opt/syslog-ng/etc/patterndb.xml
>
> [@ROOT] sbin/syslog-ng -f /opt/syslog-ng/etc/syslog-ng.conf
>
> [2016-08-31T00:55:54.978717] Non-numeric correlation state ID found,
> assuming a literal '@' character. To avoid confusion when using a literal
> '@' after a macro or template function, write '@@' in the template.;
> Template='${temp.su_username}@${temp.su_tty}'
> blah…
> blah..
> [2016-08-31T00:55:54.978978] Non-numeric correlation state ID found,
> assuming a literal '@' character. To avoid confusion when using a literal
> '@' after a macro or template function, write '@@' in the template.;
> Template='${temp.sudo_username}@unknown'
>
>
>
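
The workaround described in the reply, as an added Python example that is not part of the original messages or of the syslog-ng-patterndb project: it doubles a single '@' that directly follows a macro inside <value> templates and reports the lines it changed. The sample XML is constructed, the function names are hypothetical, and it assumes '@' followed by digits is an intended correlation reference; '@' after a template function $(...) is not handled.

```python
import re

# Constructed patterndb.xml fragment (not from the project); the usracct/temp
# names are the ones quoted in the thread.
SAMPLE = """<patterndb version='4'>
 <rule>
  <values>
   <value name='usracct.device'>${temp.su_username}@${temp.su_tty}</value>
   <value name='usracct.device'>${temp.sudo_username}@unknown</value>
   <value name='usracct.device'>${temp.sudo_username}@@fixed</value>
   <value name='usracct.prev'>${HOST}@1</value>
  </values>
 </rule>
</patterndb>
"""

# A macro (${name} or $NAME) followed by one '@' that is neither doubled nor
# followed by a digit. '@<digits>' is left alone as a correlation reference
# (assumption stated in the lead-in).
MACRO_AT = re.compile(r"(\$\{[^}]+\}|\$[A-Za-z_][A-Za-z0-9_]*)@(?![@0-9])")
VALUE = re.compile(r"(<value\b[^>]*>)(.*?)(</value>)", re.S)


def escape_template(template):
    """Write a literal '@' that directly follows a macro as '@@'."""
    return MACRO_AT.sub(r"\1@@", template)


def fix_patterndb(xml_text):
    """Return (fixed_text, [(line_number, old_template, new_template), ...])."""
    changes = []

    def repl(m):
        old = m.group(2)
        new = escape_template(old)
        if new != old:
            # 1-based line number of the template text in the input
            line = xml_text.count("\n", 0, m.start(2)) + 1
            changes.append((line, old, new))
        return m.group(1) + new + m.group(3)

    return VALUE.sub(repl, xml_text), changes


if __name__ == "__main__":
    fixed, changes = fix_patterndb(SAMPLE)
    for line, old, new in changes:
        print(f"line {line}: {old}  ->  {new}")
```
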