Element: example

Location

/patterndb/ruleset/rules/rule/patterns/examples/example

Description

OPTIONAL — A container element for a sample log message.

Attributes

N/A

Children

test_message: OPTIONAL — A sample log message that should match this pattern. For example:

    <test_message program="myapplication">Content filter has been enabled</test_message>

program: The program pattern of the test message. For example:

    <test_message program="proftpd">ubuntu (::ffff:192.168.2.179[::ffff:192.168.2.179]) - FTP session closed.</test_message>

test_values: OPTIONAL — A container element to test the results of the parsers used in the pattern.
- test_value: OPTIONAL — The expected value of the parser when matching the pattern to the test message. For example:
```
    <test_value name=".dict.ContentFilter" type="string">enabled</test_value>
```
  - name: The name of the name-value pair to test.
  - type: The type of the name-value pair, one of the recognized syslog-ng type hints Specifying data types in value-pairs

Example

   <examples>
        <example>
            <test_message>Accepted password for sampleuser from 10.50.0.247 port 42156 ssh2</test_message>
            <test_values>
                <test_value name="SSH_AUTH_METHOD">password</test_value>
                <test_value name="SSH_USERNAME">sampleuser</test_value>
                <test_value name="SSH_CLIENT_ADDRESS">10.50.0.247</test_value>
                <test_value name="SSH_PORT_NUMBER" type="integer">42156</test_value>
            </test_values>
        </example>
    </examples>

Last modified August 29, 2023: Add documentation on the "type" attribute in test_value tag (#20) (355348a)