<html><body>
<p>I am using this regular expression with Kiwi Syslog to distribute messages to several destinations based on the last number of the third octet (0-4 goes one place, 5-9 goes another). <br>
<br>
<tt> "10\.\d+\.\d*[0-4]\." </tt><br>
<br>
This doesn't work with syslog-ng, of course, but based on my research of the archives, this should do the same thing because I've escaped the "\d"<br>
<br>
match("<tt>10\.\\d+\.\\d*[0-4]\.</tt>")<br>
<br>
Nope, I get nothing. I've shortened it to just<br>
<br>
match("<tt>10\.\\d+</tt>")<br>
<br>
and still get no matching messages.<br>
<br>
This sort of works, but gives some unexpected results:<br>
<br>
match("10\.[0-9]+\.[0-9]*[0-4]\.")<br>
<br>
The match("10\.[0-9]+\.[0-9]*[0-4]\.") statement resulted in 'true' on this log message. I didn't expect a match on 10.87.48.4 from it because of the '8' as the last number of the third octet not matching '0-4'<br>
<br>
Oct 29 16:31:20 10.87.48.4 Kiwi_Syslog_Daemon Oct 29 16:31:20 10.87.48.4 MSWinEventLog 0 Security 71000 Thu Oct 29 16:31:17 2009 538 Security pos User Success Audit POS0408748 Logon/Logoff User Logoff: User Name: pos Domain: POS0408748 Logon ID: (0x0,0x4ACB69) Logon Type: 3 42921033<br>
<br>
<br>
<br>
So, I have two questions.....<br>
<br>
What's wrong with this:<br>
<br>
match("<tt>10\.\\d+\.\\d*[0-4]\.</tt>")<br>
<br>
And why did this <br>
match("10\.[0-9]+\.[0-9]*[0-4]\.")<br>
match this <br>
Oct 29 16:31:20 10.87.48.4 Kiwi_Syslog_Daemon Oct 29 16:31:20 10.87.48.4 MSWinEventLog 0 Security 71000 Thu Oct 29 16:31:17 2009 538 Security pos User Success Audit POS0408748 Logon/Logoff User Logoff: User Name: pos Domain: POS0408748 Logon ID: (0x0,0x4ACB69) Logon Type: 3 42921033<br>
<br>
Thanks!<br>
<br>
Phil</body></html>
<pre><span style="font-size:78%;"><span style="font-family:arial;"><strong>Notice:</strong> This e-mail message and its attachments are the property of Wendy's/Arby's Group Inc. </span>
<span style="font-family:arial;">or one of its subsidiaries and may contain confidential or legally privileged information intended</span>
<span style="font-family:arial;">solely for the use of the addressee(s). If you are not an intended recipient, then any use, copying or</span>
<span style="font-family:arial;">distribution of this message or its attachments is strictly prohibited. If you received this message in</span>
<span style="font-family:arial;">error, please notify the sender and delete this message entirely from your system.</span></span>