[syslog-ng] Changing a value after a match with patterndb
Mark Shetka
mshetka at d.umn.edu
Tue Jan 12 16:38:36 CET 2016

Is it possible to substitute a value after a pattern match? For example, in
the pattern below if I match the "23" then use value "telnet", but if it is
a "22", then "ssh".

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 131.212.1.1] [localport: 23] [Reason: Login Authentication Failed] at 10:38:41 CST Thu Jan 23 2014

I am trying to use one pattern to match both cases and we'd prefer to have
service names rather than port numbers in our db.

--
Mark Shetka
Infrastructure Analyst - Network Team
Information Technology Systems & Services
University of Minnesota - Duluth
(218) 726-7682