Jason Haar wrote:
Hi there
Has anyone any idea about this? It looks to me that regex don't work on the "host()" options at all. I have mine set to a regex, and it's capturing all sorts of traffic from other syslog clients that don't match :-(
Jason
Jason Haar wrote:
Hi there
I have a subset of syslog-ng hosts that use a specific DNS formatted naming convention that I wish to ensure all their data is caught by a particular syslog-ng filter.
I have
filter f_process_Test { host("^...\-..\-ids\-[0-9]+\...\.our\.net$") and not host("abc-xy-ids-02\.our\.net"); };
i.e. I want abc-12-ids-01.aa.our.net and xyz-12-ids-01.aa.our.net to be caught by this filter, but abc-xy-ids-02\.our\.net not to be.
I could explicitly name them all I suppose - but there are 12+ of them and they are growing in number. A regex would be much more efficient.
Anyway, it doesn't work. That filter never triggers. I know the hostnames are correct as I have a general catch-all rule that logs to filenames containing the hostname - and those hostnames show up in there.
Can anyone explain what I've got wrong? REGEX works fine in my "match" calls...
This is syslog-ng-1.6.7-2 under CentOS4.1
Thanks!
Hello, Try regex coach it helps a lot ^_^ http://www.weitz.de/regex-coach/ JF