I'm trying to use the default rhlinuxmsg.xml for logs coming from a Fedora 6 server. I intend on using this as boilerplate for a new device type, Beacon from Great Bay Software. In a sample log message there is this example:
pam_unix(sshd:session): session opened for
While searching the rhlinuxmsg.xml there are messages like this:
="<agent>[<data>]: session opened for user
Note the use of brackets rather than the parens. Searching the entire xml for '): session opened for' returns no results. It appears that the rhlinuxmsg.xml would be expecting the use of brackets and not parens.
Is Fedora somehow different than RH? I would suspect that it is not, but has anyone used Fedora 6 as a data source?