patterndb-yaml

YAML-based pattern matching for log normalization using syslog-ng patterndb

Overview

patterndb-yaml brings intuitive YAML pattern definitions to syslog-ng's proven patterndb engine. Instead of writing complex XML patterns, you define rules in readable YAML and let patterndb-yaml handle the translation to syslog-ng's proven pattern matcher.

This makes it easier to normalize heterogeneous logs - transforming different log formats into standardized output for comparison, analysis, or filtering.

Features

• YAML rules - Readable pattern definitions instead of syslog-ng XML
• Field extraction - Pull specific data (table names, IDs, etc.) from matched lines
• Pattern matching - Powered by syslog-ng's efficient C implementation
• Multi-line sequences - Handle log entries spanning multiple lines
• Explain mode - Debug which patterns matched and why
• CLI and Python API - Use as a command-line tool or library

Getting Started

• Installation - Install patterndb-yaml
• Quick Start - Normalize your first log file
• Basic Concepts - Understand patterns and rules