If you know this will be the rest of the message, you can use a capturing @ANYSTRING:var:@ to grab everything left in the message. On Sun, Jun 17, 2012 at 9:49 PM, Michael Starks <syslog-ng-list@michaelstarks.com> wrote:
On 06/17/2012 03:27 PM, Evan Rempel wrote:
You are missing the opening quote before the /etc/
Hmmm, well that does work, but it matches on the first /, resulting in something like 'etc/fstab'. Is there any way to match on the last / without knowing how many of them there will be in advance? ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq