I just noticed an issues with my filter using regex, so I'm hoping that someone can help me figure this out. I'm running version <a href="http://2.0.9.">2.0.9.</a> I have internal hostnames that I use with a central log system. The issue is that if I use a host like:<br>
<br>hostr01.w01.primary<br><br>It should go to /logs/primary/wireless/hostr01.r01.primary/, but if the router filter is above the wireless filter, the it's actually going into /logs/primary/wireless/hostr01.r01.primary/. It appears to be ignoring or matching the . even thought I have it with a \.. Any help with this would be greatly appreciated. If I didn't have the final(), it would log to both places.<br>
<br><br>Here is the snippet of the config that deals with this.<br><br><br>filter router_filter { host("^[0-9a-zA-Z\-]+\.r[0-9]{2}\.([0-9a-zA-Z\-]+)$"); };<br>destination router_logs {<br> file("/logs/$1/router/$HOST/$YEAR-$MONTH-$DAY.log");<br>
};<br>log { source(s_external);<br> filter(router_filter);<br> destination(router_logs);<br> flags(final);<br>};<br><br><br>filter wireless_filter { host("^[0-9a-zA-Z\-]+\.w[0-9]{2}\.([0-9a-zA-Z\-]+)$"); };<br>
destination wireless_logs {<br> file("/logs/$1/wireless/$HOST/$YEAR-$MONTH-$DAY.log");<br>};<br>log { source(s_external);<br> filter(wireless_filter);<br> destination(wireless_logs);<br> flags(final);<br>
};<br><br>