23 Feb 2004, 7:34 p.m.
You can find something about regular expressions (regexp) here: http://en.wikipedia.org/wiki/Regular_expression, http://www.greenend.org.uk/rjk/2002/06/regexp.html, or just search the web.
The syslog-ng archive is browsable here: https://lists.balabit.hu/pipermail/syslog-ng/
About your regexp, I have not tried it, but you could probably write something like ".*-fw-.*[13]$"
Thanks. I got it working with:

filter f_testnotify { (host(".*\-fw\-.*\-(1|3)")) and (match("denied")); };

I did find the link to browse the messages, but would rather have done an exhaustive search before posting my question. Thanks for your reply!

Craig
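The two host patterns from this thread, compared on constructed hostnames to show which firewall logs each one would select for notification (an added example, not part of the original messages). It assumes unanchored search semantics, modelled here with Python's `re.search`; the hostnames, messages, the `ANCHORED` variant and the `notify_hosts` helper are assumptions made for illustration.

```python
import re

# Host patterns quoted in the thread.
SUGGESTED = r".*-fw-.*[13]$"       # from the first reply
WORKING = r".*\-fw\-.*\-(1|3)"     # from the filter posted in the second reply
# Added variant (assumption: "1 or 3" is meant to be the whole final field).
ANCHORED = r"-fw-.*-(1|3)$"

# Constructed sample events: (hostname, message text).
SAMPLES = [
    ("nyc-fw-edge-1", "packet denied from 192.0.2.10"),
    ("nyc-fw-edge-3", "connection accepted from 192.0.2.11"),
    ("nyc-fw-edge-2", "packet denied from 192.0.2.12"),
    ("nyc-fw-edge-13", "packet denied from 192.0.2.13"),
    ("nyc-fw-edge-31", "packet denied from 192.0.2.14"),
    ("nyc-fw-edge-1-old", "packet denied from 192.0.2.15"),
    ("nyc-sw-core-1", "packet denied from 192.0.2.16"),
]


def notify_hosts(host_pattern, events=SAMPLES):
    """Return hostnames selected by host(<pattern>) and match("denied").

    Both tests are unanchored searches, so a pattern without a trailing `$`
    also accepts hostnames that merely contain the wanted suffix.
    """
    host_re = re.compile(host_pattern)
    msg_re = re.compile("denied")
    return [h for h, m in events if host_re.search(h) and msg_re.search(m)]


if __name__ == "__main__":
    for name, pat in [("suggested", SUGGESTED), ("working", WORKING),
                      ("anchored", ANCHORED)]:
        print(f"{name:10} {pat:22} -> {notify_hosts(pat)}")
```

On these samples the pattern without `$` also selects `nyc-fw-edge-1-old`, and both thread patterns select hosts numbered 13 and 31, which matters if the notification is meant for units 1 and 3 only.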