[nxlog-ce-users] pm_pattern

[Paul Fontenot]

Hi,

I have put together a pm_pattern file that does exactly what I wanted it to
do on local workstation and thought I'd put it on the central log server and
I've found that what worked on the workstation doesn't work on the server. I
can put the entire pattern file in here if needed - none of the patterns are
matching when I'm trying to filter at the server instead of the workstation.

*** workstation ***
<Input kernel>
        Module  im_kernel
        Exec    parse_syslog_bsd();
</Input>
<Output k_out>
        Module  om_tcp
        Host    192.168.0.200
        Port    1514
        Exec    to_syslog_bsd();
</Output>
<Route 1>
        Path    kernel  => k_out
</Route>
<Input uds>
        Module  im_uds
        Exec    parse_syslog_bsd();
</Input>
<Output u_out>
        Module  om_tcp
        Host    192.168.0.200
        Port    1514
        Exec    to_syslog_bsd();
</Output>
<Route 1>
        Path    uds     => u_out
</Route>

*** server ***
define  LOGDIR  /var/nxlog

# Previously defined in 01-local.conf
#
#<Extension syslog>
#       Module  xm_syslog
#</Extension>

<Input tcp-in>
        Module          im_tcp
        Host            192.168.0.200
        Port            1514
</Input>

<Processor pattern-nonwbt>
        Module          pm_pattern
        PatternFile     /etc/nxlog.d/patterndb-nonwbt.xml
</Processor>
<Output tcp-out>
        Module          om_file
        File            '%LOGDIR%/all.log'
</Output>

<Route tcp-route>
        Path            tcp-in => pattern-nonwbt => tcp-out
</Route>

*** pm_pattern ***
--<snip>--
  <name>kernel</name>
  <id>6</id>
  <matchfield>
   <name>SourceName</name>
   <type>exact</type>
   <value>kernel</value>
  </matchfield>  

  <pattern>   
   <id>1</id>
   <name>MCP</name>

   <matchfield>
    <name>Message</name>
    <type>REGEXP</type>
    <value>^intel ips [a-zA-Z0-9.]*: MCP limit exceeded: Avg temp [0-9]*,
limit 9000</value>
   </matchfield>

   <exec>
    drop();
   </exec>
  </pattern>

  <pattern>   
   <id>2</id>
   <name>MCP</name>

   <matchfield>
    <name>Message</name>
    <type>REGEXP</type>
    <value>^intel ips [a-zA-Z0-9.]*: MCP limit exceeded: Avg power [0-9]*,
limit 35000</value>
   </matchfield>

   <exec>
    drop();
   </exec>
  </pattern>


------------------------------------------------------------------------------
Sponsored by Intel(R) XDK 
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users