-
Title
How pattern matching with pattern database works and example patternDBs attached. -
Description
How pattern matching with pattern database works and example patternDBs attached. -
Resolution
The syslog-ng application can match the contents of the received log messages to predefined message patterns. By comparing the messages to the known patterns, syslog-ng is able to identify the exact type of the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The message classes can be customized and, for example, can label the messages as user login, application crash, and so on.
The functionality of the pattern database is similar to that of the logcheck project but it is much easier to write and maintain the patterns used by syslog-ng than the regular expressions used by logcheck. Also, it is much easier to understand syslog-ng pattens than regular expressions.
You can read more about patternDB in the Syslog-ng Administration Guide.
Attached to this article is a file called patterndb.zip which contains the example pattern databases.
Please note: PatternDB configuration help is outside the scope of Technical Support. For application configuration or implementation advice we recommend our Professional Services Organization. For information on how to contact them please visit https://support.oneidentity.com/professional-services-product-select -
Attachments