<div dir="ltr">Hi Joe,<br><br>Thanks for your replay.<br><br>I am not able to understand the regular expression statement with are there in the internet.<br><br>For example: <br><br>\s(\S+)\s(\S+)\[\d+\]\:\s\[ID \d+ (\S+)\.(\S+)\]\s<br>
\S+\s+\d+\s+(\d+)\:\d+\:\d+\s<br><br>I want to know what exactly text of this pattern?<br><br>Is there any tool will convert RegExp to text?. So that it will helps for me to understand better.<br><br>Regards,<br>Vadiraj<br>
<br><br><div class="gmail_quote">On Mon, Aug 25, 2008 at 3:30 PM, <span dir="ltr"><<a href="mailto:syslog-ng-request@lists.balabit.hu">syslog-ng-request@lists.balabit.hu</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Send syslog-ng mailing list submissions to<br>
<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:syslog-ng-request@lists.balabit.hu">syslog-ng-request@lists.balabit.hu</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:syslog-ng-owner@lists.balabit.hu">syslog-ng-owner@lists.balabit.hu</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of syslog-ng digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: tool to convert regular expression to text (Fegan, Joe)<br>
2. Re: syslog-ng 2 nics (Balazs Scheidler)<br>
3. Re: [patch] Add follow_freq_ms option (Balazs Scheidler)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sun, 24 Aug 2008 23:34:59 +0000<br>
From: "Fegan, Joe" <<a href="mailto:Joe.Fegan@hp.com">Joe.Fegan@hp.com</a>><br>
Subject: Re: [syslog-ng] tool to convert regular expression to text<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID:<br>
<<a href="mailto:0E6222894DE49B40A3A9FD929C630BCB379EB5A2EF@GVW1121EXC.americas.hpqcorp.net">0E6222894DE49B40A3A9FD929C630BCB379EB5A2EF@GVW1121EXC.americas.hpqcorp.net</a>><br>
<br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
Hi Vadiraj,<br>
<br>
Your question doesn't really make sense. Can you please elaborate. That might help.<br>
<br>
Joe.<br>
<br>
________________________________<br>
From: <a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a> [mailto:<a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a>] On Behalf Of vadi<br>
Sent: 22 August 2008 22:15<br>
To: <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
Subject: [syslog-ng] tool to convert regular expression to text<br>
<br>
Dear All,<br>
<br>
Do we have any tool to convert regular expression to text?. Please let me know about it.<br>
<br>
Thanking u,<br>
<br>
Regards,<br>
Vadiraj<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080824/87a53378/attachment-0001.htm" target="_blank">http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080824/87a53378/attachment-0001.htm</a><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 25 Aug 2008 09:03:33 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] syslog-ng 2 nics<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1219647813.11424.0.camel@bzorp.balabit><br>
Content-Type: text/plain<br>
<br>
On Fri, 2008-08-22 at 06:50 +0200, Hubert Kupper wrote:<br>
> -------- Original-Nachricht --------<br>
> > Datum: Thu, 21 Aug 2008 14:30:48 +0200<br>
> > Von: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
> > An: Syslog-ng users\' and developers\' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
> > Betreff: Re: [syslog-ng] syslog-ng 2 nics<br>
><br>
> ><br>
> > Have you checked that:<br>
> > * syslog-ng is bound to the new interface (either because of a <a href="http://0.0.0.0" target="_blank">0.0.0.0</a><br>
> > bind, or because you have two udp() sources each bound to their<br>
> > respective interface)<br>
> > * packet filter does not filter out these messages<br>
> ><br>
> > You can check the first by issuing "netstat -np | grep 514" and check<br>
> > which interfaces syslog-ng has bound to.<br>
> ><br>
> > The second, well check that your packet filter is not in the way.<br>
> ><br>
> > --<br>
> > Bazsi<br>
> ><br>
> Hi,<br>
> I checked the first issue with "netstat -np | grep 514" and it returned nothing! A grep syslog-ng returned "DGRAM 10006 3413/syslog-ng /dev/log"<br>
> Syslog-ng is still logging entries for all host on the first nic and one host on the second nic!<br>
<br>
Hmm.. were you running netstat as root? It might not show everything if<br>
you run it as a non-root user.<br>
<br>
If there's no listening socket, I can't see how it would possibly log<br>
anything on either nics.<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Mon, 25 Aug 2008 09:07:53 +0200<br>
From: Balazs Scheidler <<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>><br>
Subject: Re: [syslog-ng] [patch] Add follow_freq_ms option<br>
To: Syslog-ng users' and developers' mailing list<br>
<<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <1219648073.11424.5.camel@bzorp.balabit><br>
Content-Type: text/plain<br>
<br>
On Thu, 2008-08-21 at 16:00 -0400, Joe Shaw wrote:<br>
> Hi,<br>
><br>
> As I mentioned in the last thread, I've found myself wanting to have<br>
> better than one second resolution for the follow_freq() option.<br>
> Attached is a patch which adds a follow_freq_ms option, which takes<br>
> its value in milliseconds rather than full seconds. follow_freq()<br>
> continues to work as it did previously.<br>
<br>
First of all, thanks for your contibution.<br>
<br>
I'm not sure about the patch though, is millisecond polling really<br>
needed? It might increase the load on the host significantly to check<br>
files several times a second.<br>
<br>
The reason this patch was born was solved in an unrelated manner (e.g.<br>
increasing FIFO size).<br>
<br>
Any other opinions?<br>
<br>
If this turns out really useful, I'd not add a separate keyword, but<br>
would permit the use of floating point numbers, e.g. follow_freq(0.1)<br>
instead of follow_freq_ms(100)<br>
<br>
--<br>
Bazsi<br>
<br>
<br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
syslog-ng maillist - <a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
<br>
<br>
End of syslog-ng Digest, Vol 40, Issue 16<br>
*****************************************<br>
</blockquote></div><br></div>