$1 is the first group (eg parentheses), whereas $0 is the entire match. This matches the convention of other regexp tools. The documentation should be improved if its not clear enough. On Jun 16, 2015 19:47, "westlake" <westlake2012@videotron.ca> wrote:
figured it out with a filter function, apparently I had to use $0 instead of $1 which was the main problem.
what is found on the regexp page is the range of using between $1 and $255 but not $0 "Store the matches of the regular expression into the $1, ... $255 variables." over on page,
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
though here with
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
"Custom values created using rewrite rules or parsers can be modified as well, just like stored matches of regular expressions ($0 ... $255)."
I tried to use $1 $2 or $3 where I would get "333." for $1, "333" for $2 and "444" for $3 for an ip address of 111.222.333.444
could this be a bug? I'm currently using the following while trying to recall the match of an ip address.
rewrite r_test{ set("$0", value("ATEST")); };
filter f_test{
message("(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" flags(store-matches) ); };
and a simple logging with,
destination d_dst{ file("/var/log/syslog-ng/${YEAR}-${MONTH}-${DAY}.log" template("${R_DATE} ${ATEST}\n")); };
log { source(s_src); filter(f_test); rewrite(r_test); destination(d_dst); };
thanks
On 16/06/15 04:29 AM, westlake wrote:
I'm stumped on a little problem with syslog-ng, basically what I'm trying to do is extract text from a string and place that into a new macro, eg -> set($(substr ${MSG} 7 12), value("${MACRO");
here the syntax checker stops short around the first dollar sign and i'm not sure how else I can apply this.
thanks
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq