Mishou Michael <Michael.Mishou@csirc.irs.gov> writes:
I want host() to do a literal, exact string match instead of regex. For message() you can do this: message("foo" type("string")) and get an exact string match. Does this type() and flags() (so you can do substrings) also work on the host() operator?
As far as I can see, yes. Though, flags sets regexp flags, it probably won't work with strings. If you want substring matches, which are faster than regexps, then type("glob") might be of interest to you.
Of course, I could always do host("^192\.168\.1\.1$") but that seems kind of silly when I don't need regex at all.
FWIW, syslog-ng -s doesn't complain about this in the config, and it starts/runs fine, I just can't tell if it's still using regex or not.
A quick look at the sources suggest that host() does indeed support type("string"). But it's reasonably easy to verify: If the following filter works, then it's using a regex, despite told otherwise: filter f_test { host("^.*$" type("string")); }; A quick question though: wouldn't it be more efficient to use templates instead of filters? While it's not suitable in all cases, when you only want to direct each hosts' logs to a different file, then something like the following would be more efficient than filters: destination d_hosts { file ("/var/log/hosts/$HOST.log"); }; -- |8]