using syslog-ng and patterndb, how do I specify an "empty" pattern?

Question

When I receive kernel traces in my logs, the last line is empty. I'd like to filter/ignore these empty kernel messages using syslog-ng and patterndb. Here is the pattern I have so far that is not matching empty:

  <rule class='system' id='kernel_empty' provider='local'>
  <description></description>
    <patterns>
      <pattern></pattern>
    </patterns>
  </rule>

How do I exclude these empty kernel messages?

score 0 · Accepted Answer · edited Jan 21 '12 at 17:23

0

try to add an empty line (or a line-break) to the pattern. For example,

<patterns>
  <pattern>
</pattern>
</patterns>

edited Jan 21 '12 at 17:23

Sam Cogan

38,736
6
78
114

answered Dec 21 '11 at 13:24

Robert Fekete

16

You'll have to wrap XML tags in a {code} block, or the system will hide it :) – adaptr Dec 21 '11 at 13:45

using syslog-ng and patterndb, how do I specify an "empty" pattern?

1 Answers1

Linked