Element: example

Location

/patterndb/ruleset/rules/rule/patterns/examples/example

Description

OPTIONAL — A container element for a sample log message.

Attributes

N/A

Children

• test_message: OPTIONAL — A sample log message that should match this pattern. For example:

      <test_message program="myapplication">Content filter has been enabled</test_message>
  

  • program: The program pattern of the test message. For example:

        <test_message program="proftpd">ubuntu (::ffff:192.168.2.179[::ffff:192.168.2.179]) - FTP session closed.</test_message>
    

• test_values: OPTIONAL — A container element to test the results of the parsers used in the pattern.

  • test_value: OPTIONAL — The expected value of the parser when matching the pattern to the test message. For example:

        <test_value name=".dict.ContentFilter" type="string">enabled</test_value>
    

    • name: The name of the name-value pair to test.
    • type: The type of the name-value pair, one of the recognized syslog-ng type hints Specifying data types in value-pairs

Example

   <examples>
        <example>
            <test_message>Accepted password for sampleuser from 10.50.0.247 port 42156 ssh2</test_message>
            <test_values>
                <test_value name="SSH_AUTH_METHOD">password</test_value>
                <test_value name="SSH_USERNAME">sampleuser</test_value>
                <test_value name="SSH_CLIENT_ADDRESS">10.50.0.247</test_value>
                <test_value name="SSH_PORT_NUMBER" type="integer">42156</test_value>
            </test_values>
        </example>
    </examples>