Allan Wind wrote:
On 2003-12-16T09:52:46+0000, Jim Mozley wrote:
Allan Wind wrote:
Dec 11 15:25:10 log_source@pawan amavis[29961]: (29961-01-2) Passed, <syslog-ng-admin@lists.balabit.hu> -> <allanwind@lifeintegrity.com>, Message-ID: <20031211202502.22100.73262.Mailman@www.balabit.hu>, Hits: -1.364
[...]
What is it that you are trying to match?
Is it "(ddddd-dd-d) Passed"?
Good eyes. I am trying to be very specific and only match("^... Passed") which in this case probably works out to:
match("[^:]+: \\([^\\)]\\) Passed, ")
I have to confess I've not needed to match on anything other than a simple word yet in my syslog-ng.conf, but I'm fairly familiar with regex in general. I thought I'd look at this as I need to do a more complex match. The complex matches I use are in swatch and hence perl regex. Afraid I don't understand why you are trying to match in the way you are, for instance within the parentheses why not match [-0-9]+ or [-\d]+ if \d is supported?
Perhaps we could document exactly what should be quoted? I mean, why is literal '(' written as '\\(' and not '\\\('? What characters need to be quoted? Exactly what type of regex is supported? I did not manage to get \d working, but that could be because I got quoting wrong (is it \\d)?
Sorry cannot help with this yet. I tried to find some info on what particular features syslog-ng regex supports and haven't so far. If I come across something I will post it. If there is anyone who can point to this in the doco or man pages please let me know; I haven't found it, haven't come across anything on google or the FAQ and the list archive isn't searchable unless I download the lot!
I noticed that if you send a signal 1 to a running syslog-ng process, asking it to load a syslog-ng.conf with a syntax error, then the process dies. Should it just log something and refuse to load the new syslog-ng.conf instead?
I think there is a way around this. Try putting it on a test machine and using something like the -d option. It may be you can use a second config file using the -f option as a test file in conjunction with -d. Jim
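The quoting question in this thread can be tested outside syslog-ng. The following is an added example, not part of the original messages and not syslog-ng code: it assumes match() hands its argument to POSIX regcomp() as an extended regex, and that the config parser turns backslash plus a character inside a double-quoted string into that character. `conf_unescape`, `conf_match` and the shortened sample line are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>

/* Constructed sample modelled on the amavis line in the thread (addresses shortened). */
static const char *SAMPLE =
    "log_source@pawan amavis[29961]: (29961-01-2) Passed, <a@example.org> -> <b@example.org>";

/* Assumed model of the config parser: inside "...", backslash + c yields c. */
static void conf_unescape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0' && o + 1 < outlen; i++) {
        if (in[i] == '\\' && in[i + 1] != '\0')
            i++;                       /* drop the quoting backslash */
        out[o++] = in[i];
    }
    out[o] = '\0';
}

/* Returns 1 on match, 0 on no match, -1 if the pattern does not compile. */
static int conf_match(const char *conf_text, const char *msg)
{
    char pattern[256];
    regex_t re;
    conf_unescape(conf_text, pattern, sizeof pattern);
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    int rc = regexec(&re, msg, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    /* C literals double every backslash once more; the comment shows the config text. */
    const char *cases[] = {
        "[^:]+: \\\\([^\\\\)]\\\\) Passed, ",   /* [^:]+: \\([^\\)]\\) Passed,   (as posted)   */
        "[^:]+: \\\\([^\\\\)]+\\\\) Passed, ",  /* [^:]+: \\([^\\)]+\\) Passed,  (+ added)     */
        "\\\\([-0-9]+\\\\) Passed, ",           /* \\([-0-9]+\\) Passed,         (digit class) */
        "\\([-0-9]+\\) Passed, ",               /* \([-0-9]+\) Passed,           (one slash)   */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-40s -> %d\n", cases[i], conf_match(cases[i], SAMPLE));
    return 0;
}
```

Under these assumptions the pattern as posted does not match because the bracket expression has no repetition and so accepts only one character between the parentheses, and the single-backslash form does not match because the parentheses reach the regex engine unescaped and become a group instead of literal characters.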