[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng] patterndb and log analysis
From: Balazs Scheidler <bazsi77 () gmail ! com>
Date: 2013-06-26 4:08:38
Message-ID: CAKcfE+ZAEb1YdQfGGf7vCXnepvzhwKdAcwmq7Qt3xgt2wSXkKQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
There was a larger database that was converted from logcheck regexps, but
that was only useful for classification and not to extract fields from log
messages
Here's the link
http://www.balabit.com/downloads/files/patterndb-snapshot/patterndb-20091209.zip
On Jun 25, 2013 6:13 PM, "Matt Zagrabelny" <mzagrabe@d.umn.edu> wrote:
> On Tue, Jun 18, 2013 at 11:54 AM, Jakub Jankowski <shasta@toxcorp.com>
> wrote:
> > On 2013-06-18, Matt Zagrabelny wrote:
> >
> >> I just cloned the git://git.balabit.hu/bazsi/syslog-ng-patterndb.git
> >> and it looks like the project has not seen much activity since 2010.
> >> Are people still using patterndb? Do the patterns not change much and
> >> that is the reason that the git database has not changed much?
> >
> >
> https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/
>
> Thanks, Jakub!
>
> I've cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin
> PDF states that:
>
> "13.2.2. Downloading sample pattern databases
> Sample pattern databases are available at the BalaBit Download page.
> Note that even though these pattern databases
> contain over 8000 rules for more than 200 applications and devices,
> they are only samples and experimental databases
> that are not officially supported and may or may not work in your
> environment."
>
> I only see a small number of applications and correspondingly small
> number of rules (compared to 200/8000). Is there a larger database of
> rules out there?
>
> Is there a preferred file extension between .xml and .pdb?
>
> Thanks,
>
> -mz
>
> > HTH
> >
> > --
> > Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/
> > GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
[Attachment #5 (text/html)]
<p dir="ltr">There was a larger database that was converted from logcheck regexps, \
but that was only useful for classification and not to extract fields from log \
messages</p> <p dir="ltr">Here's the link</p>
<p dir="ltr"><a href="http://www.balabit.com/downloads/files/patterndb-snapshot/patter \
ndb-20091209.zip">http://www.balabit.com/downloads/files/patterndb-snapshot/patterndb-20091209.zip</a></p>
<div class="gmail_quote">On Jun 25, 2013 6:13 PM, "Matt Zagrabelny" <<a \
href="mailto:mzagrabe@d.umn.edu">mzagrabe@d.umn.edu</a>> wrote:<br \
type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"> On Tue, Jun 18, 2013 at 11:54 AM, \
Jakub Jankowski <<a href="mailto:shasta@toxcorp.com">shasta@toxcorp.com</a>> \
wrote:<br> > On 2013-06-18, Matt Zagrabelny wrote:<br>
><br>
>> I just cloned the git://<a \
href="http://git.balabit.hu/bazsi/syslog-ng-patterndb.git" \
target="_blank">git.balabit.hu/bazsi/syslog-ng-patterndb.git</a><br> >> and it \
looks like the project has not seen much activity since 2010.<br> >> Are people \
still using patterndb? Do the patterns not change much and<br> >> that is the \
reason that the git database has not changed much?<br> ><br>
> <a href="https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/" \
target="_blank">https://czanik.blogs.balabit.com/2013/05/patterndb-git-moved-and-updated/</a><br>
<br>
Thanks, Jakub!<br>
<br>
I've cloned the repo, but it seems somewhat sparse. The 3.3 OSE admin<br>
PDF states that:<br>
<br>
"13.2.2. Downloading sample pattern databases<br>
Sample pattern databases are available at the BalaBit Download page.<br>
Note that even though these pattern databases<br>
contain over 8000 rules for more than 200 applications and devices,<br>
they are only samples and experimental databases<br>
that are not officially supported and may or may not work in your \
environment."<br> <br>
I only see a small number of applications and correspondingly small<br>
number of rules (compared to 200/8000). Is there a larger database of<br>
rules out there?<br>
<br>
Is there a preferred file extension between .xml and .pdb?<br>
<br>
Thanks,<br>
<br>
-mz<br>
<br>
> HTH<br>
><br>
> --<br>
> Jakub Jankowski|<a href="mailto:shasta@toxcorp.com">shasta@toxcorp.com</a>|<a \
href="http://toxcorp.com/" target="_blank">http://toxcorp.com/</a><br> > GPG: FCBF \
F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D<br> > \
______________________________________________________________________________<br> \
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br> > \
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> ><br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div>
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic