Thanks a lot Kokan!!!!!
I got the result :-)
One more question
For the following two
%AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.200.210@pts/0:syslogtest:deleted user victor
%AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.201.173@pts/0:syslogtest:added user victor
I tried the following regex to match the text in red color, and it works.
AAA-6-AAA_ACCOUNTING_MESSAGE: [a-zA-Z0-9]+:[0-9.]+@[a-zA-Z0-9]+\/[a-zA-Z0-9]+:[a-zA-Z0-9]+:[a-zA-Z]+ user
Is there a simple way to match " update:10.94.200.210@pts/0:syslogtest:"?
Thank you very much again‼‼!
VL
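
An added example, not part of the original message or of syslog-ng: one shorter way to cover the " update:10.94.200.210@pts/0:syslogtest:" prefix is to treat each colon-delimited field as "anything except a colon". Python's re module stands in here for syslog-ng's regex matcher, the group names are assumptions, and the last two sample lines are constructed.

```python
import re

# Pattern posted in the thread (unanchored, as a syslog-ng match() would use it).
ORIGINAL = (r"AAA-6-AAA_ACCOUNTING_MESSAGE: [a-zA-Z0-9]+:[0-9.]+@[a-zA-Z0-9]+\/"
            r"[a-zA-Z0-9]+:[a-zA-Z0-9]+:[a-zA-Z]+ user")

# Shorter form: every colon-delimited field is "anything except a colon".
# Group names (kind, src, tty, operator, action, target) are assumptions.
SHORT = (r"AAA-6-AAA_ACCOUNTING_MESSAGE: (?P<kind>[^:]+):(?P<src>[0-9.]+)"
         r"@(?P<tty>[^:]+):(?P<operator>[^:]+):(?P<action>[a-zA-Z]+) user "
         r"(?P<target>\S+)")

SAMPLES = [
    # The two lines quoted in the thread.
    "%AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.200.210@pts/0:syslogtest:deleted user victor",
    "%AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.201.173@pts/0:syslogtest:added user victor",
    # Constructed lines that must not match either pattern.
    "%AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.200.210@pts/0:syslogtest:configure terminal",
    "%EXAMPLE-5-OTHER: update:10.94.200.210@pts/0:syslogtest:added user victor",
]


def parse(line):
    """Return the fields of a user add/delete accounting line, or None."""
    m = re.search(SHORT, line)
    return m.groupdict() if m else None


def agree(lines):
    """True if ORIGINAL and SHORT accept exactly the same lines."""
    return all(bool(re.search(ORIGINAL, l)) == bool(re.search(SHORT, l))
               for l in lines)


def as_match_filter(pattern):
    """Render the pattern in the match() form used in the thread, single-quoted."""
    if "'" in pattern:
        raise ValueError("pattern contains a single quote")
    return "match('%s' value(\"MESSAGE\"));" % pattern


if __name__ == "__main__":
    print("patterns agree:", agree(SAMPLES))
    for line in SAMPLES:
        print(parse(line))
    print(as_match_filter(SHORT))
```

Unlike the posted pattern, SHORT also requires a user name after "user ", so a line that ends right after "user" would match only the original.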
-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of syslog-ng-request@lists.balabit.hu
Sent: 2019, March, 01 7:00 AM
To: syslog-ng@lists.balabit.hu
Subject: syslog-ng Digest, Vol 167, Issue 1
Today's Topics:
1. unofficial syslog-ng 3.20 packages for Debian/Ubuntu
(Laszlo Budai)
2. Re: How to use regex in syslog-ng.conf (Péter)
3. Re: How to use regex in syslog-ng.conf (Fabien Wernli)
----------------------------------------------------------------------
Message: 1
Date: Fri, 1 Mar 2019 10:09:03 +0000
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] unofficial syslog-ng 3.20 packages for
Debian/Ubuntu
Content-Type: text/plain; charset="iso-8859-1"
Hi,
syslog-ng 3.20.1[1] packages are available in OBS repo[2].
List of supported OSs:
* Debian 8.0
* Debian 9.0 [including armv7l]
* Ubuntu 14.04
* Ubuntu 16.04
* Ubuntu 16.10
* Ubuntu 17.04
* Ubuntu 17.10
* Ubuntu 18.04
* Ubuntu 18.10
Install
-------
example: Debian 9.0
1. get release key
2. add repo to APT sources
eg.: /etc/apt/sources.list.d/syslog-ng-obs.list
Then `apt-get update` and `apt-get install syslog-ng-core`
Links
--------
regards,
Laszlo Budai
------------------------------
Message: 2
Date: Fri, 1 Mar 2019 11:34:00 +0100
To: "Syslog-ng users' and developers' mailing list"
Subject: Re: [syslog-ng] How to use regex in syslog-ng.conf
Content-Type: text/plain; charset="utf-8"
Hello,
Based on your example one possible solution could be: match("cmd=username [a-z]+ privilege 15" value("MESSAGE"));
You could also check out the syslog-ng administrator guide, it covers a lot of possibilities:
--
Kokan
> Dear all,
>
> I am trying to use regex in syslog-ng.conf without success :(
>
> Below is from my filter
>
> match("cmd=username toto privilege 15", value("MESSAGE"));
>
> Could you please let me know how I could replace username toto with
> a regex? I tried /w+, but it didn't pass through
>
> Thank you very much for your instruction!
>
> VL
------------------------------
Message: 3
Date: Fri, 1 Mar 2019 12:50:50 +0100
To: "Syslog-ng users' and developers' mailing list"
Subject: Re: [syslog-ng] How to use regex in syslog-ng.conf
Content-Type: text/plain; charset="iso-8859-1"
On Fri, Mar 01, 2019 at 11:34:00AM +0100, Péter, Kókai wrote:
> Hello,
>
> Based on your example one possible solution could be:
> match("cmd=username [a-z]+ privilege 15" value("MESSAGE"));
>
> You could also check out the syslog-ng administrator guide, it covers
> a lot of possibilities:
> e-edition/3.20/administration-guide/63#TOPIC-1122022
also, prefer single quotes over double quotes: will make escaping easier
------------------------------
------------------------------
End of syslog-ng Digest, Vol 167, Issue 1
*****************************************