[syslog-ng] How does regex work with HOST definitions?
jf
tilaris at wanadoo.fr
Thu Sep 29 11:48:31 CEST 2005
Jason Haar wrote:
>Hi there
>
>Has anyone any idea about this? It looks to me that regex don't work on
>the "host()" options at all. I have mine set to a regex, and it's
>capturing all sorts of traffic from other syslog clients that don't
>match :-(
>
>Jason
>
>Jason Haar wrote:
>
>
>
>>Hi there
>>
>>I have a subset of syslog-ng hosts that use a specific DNS formatted
>>naming convention that I wish to ensure all their data is caught by a
>>particular syslog-ng filter.
>>
>>I have
>>
>>filter f_process_Test { host("^...\-..\-ids\-[0-9]+\...\.our\.net$") and
>>not host("abc-xy-ids-02\.our\.net"); };
>>
>>i.e. I want abc-12-ids-01.aa.our.net and xyz-12-ids-01.aa.our.net to be
>>caught by this filter, but abc-xy-ids-02\.our\.net not to be.
>>
>>I could explicitly name them all I suppose - but there are 12+ of them
>>and they are growing in number. A regex would be much more efficient.
>>
>>Anyway, it doesn't work. That filter never triggers. I know the
>>hostnames are correct as I have a general catch-all rule that logs to
>>filenames containing the hostname - and those hostnames show up in there.
>>
>>Can anyone explain what I've got wrong? REGEX works fine in my "match"
>>calls...
>>
>>This is syslog-ng-1.6.7-2 under CentOS4.1
>>
>>Thanks!
>>
>>
>>
>>
>>
>
>
>
>
Hello,
Try regex coach it helps a lot ^_^ http://www.weitz.de/regex-coach/
JF
More information about the syslog-ng
mailing list