I have syslog ng writing to a mysql pipe and then a little script reading the pipe and writing to the db. I currently receive many messages like the following, I wonder if somenone can help me figure out what this message is saying..... thanks.
<br><br><br>| mailux | syslog | notice | notice | 2d | 2007-04-13 | 01:16:40 | syslog-ng | syslog-ng[30548]: Log statistics; dropped='pipe(/tmp/mysql.pipe)=0', processed='center(queued)=40295', processed='center(received)=13206', processed='destination(d_mysql)=40295', processed='source(net_tcp)=0', processed='source(src)=8962', processed='source(net_udp)=4244' | 46674 |
<br><br><div><span class="gmail_quote">On 4/29/07, <b class="gmail_sendername"><a href="mailto:syslog-ng-request@lists.balabit.hu">syslog-ng-request@lists.balabit.hu</a></b> <<a href="mailto:syslog-ng-request@lists.balabit.hu">
syslog-ng-request@lists.balabit.hu</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send syslog-ng mailing list submissions to
<br> <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>or, via email, send a message with subject or body 'help' to<br> <a href="mailto:syslog-ng-request@lists.balabit.hu">syslog-ng-request@lists.balabit.hu
</a><br><br>You can reach the person managing the list at<br> <a href="mailto:syslog-ng-owner@lists.balabit.hu">syslog-ng-owner@lists.balabit.hu</a><br><br>When replying, please edit your Subject line so it is more specific
<br>than "Re: Contents of syslog-ng digest..."<br><br><br>Today's Topics:<br><br> 1. Re: turn off case sensitivity for match regex filter<br> (Balazs Scheidler)<br> 2. Re: turn off case sensitivity for match regex filter (stucky)
<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Sat, 28 Apr 2007 12:42:06 +0200<br>From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu
</a>><br>Subject: Re: [syslog-ng] turn off case sensitivity for match regex<br> filter<br>To: Syslog-ng users' and developers' mailing list<br> <<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu
</a>><br>Message-ID: <<a href="mailto:1177756926.14925.17.camel@bzorp.balabit">1177756926.14925.17.camel@bzorp.balabit</a>><br>Content-Type: text/plain<br><br>On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:<br>> Guys
<br>><br>> Playing around with ng 2 and I started looking at the match filter<br>> again.<br>> Simple question that I cannot find an answer to anywhere on the net.<br>> How do I turn off case sensitivity for the match target ?
<br>> I'd like the following line to match "error' or 'ERROR' or 'Error'<br>><br>> filter logparse { match("error"); };<br>><br>> but of course it only matches 'error' since by default regex is case
<br>> sensitive.<br>> Basically I'm trying to emulate 'grep -i'<br>> I guess I could do this :<br>><br>> filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo<br>> much simpler to turn off case sensitivity.
<br><br>Yes, you are right. But it's not currently possible. It should be<br>however, I'll try to add it in the nearfuture.<br><br>><br>> And while we're talking regex. Shouldn't the above line actually read
<br>> like this :<br>><br>> filter logparse { match(".+error.+"); }; ?<br>><br>> meaning "anything followed by 'error' followed by anything"<br>> Both appear to work so I assume the first line is interpreted by
<br>> syslog-ng like the second line correct ?<br><br>syslog-ng interprets "match" the same as grep, e.g. it does not care<br>where the pattern is found. if you want to match the beginning or the<br>end of line, you need to use explicit ^ and $ characters.
<br><br>--<br>Bazsi<br><br><br><br>------------------------------<br><br>Message: 2<br>Date: Sat, 28 Apr 2007 12:44:04 -0700<br>From: stucky <<a href="mailto:stucky101@gmail.com">stucky101@gmail.com</a>><br>Subject: Re: [syslog-ng] turn off case sensitivity for match regex
<br> filter<br>To: "Syslog-ng users' and developers' mailing list"<br> <<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>Message-ID:<br> <<a href="mailto:30997e260704281244g6f1225bfwc7da2b4e05fdfd9f@mail.gmail.com">
30997e260704281244g6f1225bfwc7da2b4e05fdfd9f@mail.gmail.com</a>><br>Content-Type: text/plain; charset="utf-8"<br><br>Baszi<br><br>Cool. I'm in the middle of building a new infrastructure and would like to
<br>use this feature. I'm not a programmer but I assume adding this feature<br>shouldn't be very hard at all right ?<br>If you had a rough ETA that'd help me.<br><br>thx<br><br>On 4/28/07, Balazs Scheidler <
<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>> wrote:<br>><br>> On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:<br>> > Guys<br>> ><br>> > Playing around with ng 2 and I started looking at the match filter
<br>> > again.<br>> > Simple question that I cannot find an answer to anywhere on the net.<br>> > How do I turn off case sensitivity for the match target ?<br>> > I'd like the following line to match "error' or 'ERROR' or 'Error'
<br>> ><br>> > filter logparse { match("error"); };<br>> ><br>> > but of course it only matches 'error' since by default regex is case<br>> > sensitive.<br>> > Basically I'm trying to emulate 'grep -i'
<br>> > I guess I could do this :<br>> ><br>> > filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo<br>> > much simpler to turn off case sensitivity.<br>><br>> Yes, you are right. But it's not currently possible. It should be
<br>> however, I'll try to add it in the nearfuture.<br>><br>> ><br>> > And while we're talking regex. Shouldn't the above line actually read<br>> > like this :<br>> ><br>> > filter logparse { match(".+error.+"); }; ?
<br>> ><br>> > meaning "anything followed by 'error' followed by anything"<br>> > Both appear to work so I assume the first line is interpreted by<br>> > syslog-ng like the second line correct ?
<br>><br>> syslog-ng interprets "match" the same as grep, e.g. it does not care<br>> where the pattern is found. if you want to match the beginning or the<br>> end of line, you need to use explicit ^ and $ characters.
<br>><br>> --<br>> Bazsi<br>><br>> _______________________________________________<br>> syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>> Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>><br>><br><br><br>--<br>
stucky<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <a href="http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070428/c3bdb0f9/attachment.html">http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070428/c3bdb0f9/attachment.html
</a><br><br>------------------------------<br><br>_______________________________________________<br>syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br><br><br>End of syslog-ng Digest, Vol 24, Issue 32<br>*****************************************<br></blockquote></div><br><br clear="all"><br>-- <br>Regards,<br><br>
Fabian Pucciarelli