On 2003-12-16T09:52:46+0000, Jim Mozley wrote:
Allan Wind wrote:
Dec 11 15:25:10 log_source@pawan amavis[29961]: (29961-01-2) Passed, <syslog-ng-admin@lists.balabit.hu> -> <allanwind@lifeintegrity.com>, Message-ID: <20031211202502.22100.73262.Mailman@www.balabit.hu>, Hits: -1.364
[...]
What is it that you are trying to match?
Is it "(ddddd-dd-d) Passed"?
Good eyes. I am trying to be very specific and only match("^... Passed") which in this case probably works out to: match("[^:]+: \\([^\\)]\\) Passed, ") Perhaps we could document exactly what should be quoted? I mean, why is literal '(' written as '\\(' and not '\\\('? What charachters need to be quoted? Exactly what type of regex is supported, I did not manage getting \d working, but that could be because I got quoting wrong (is it \\d)? I noticed, that if you send a signal 1 to a running syslog-ng process asking it to load a syslog-ng.conf with syntax error, then the process dies. Should it just log something and refuse to load the new syslog-ng.conf instead? /Allan -- Allan Wind P.O. Box 2022 Woburn, MA 01888-0022 USA