I have syslog ng writing to a mysql pipe and then a little script reading the pipe and writing to the db. I currently receive many messages like the following, I wonder if somenone can help me figure out what this message is saying..... thanks.
| mailux | syslog | notice | notice | 2d | 2007-04-13 | 01:16:40 | syslog-ng | syslog-ng[30548]: Log statistics; dropped='pipe(/tmp/mysql.pipe)=0', processed='center(queued)=40295', processed='center(received)=13206', processed='destination(d_mysql)=40295', processed='source(net_tcp)=0', processed='source(src)=8962', processed='source(net_udp)=4244' | 46674 |
On 4/29/07, syslog-ng-request@lists.balabit.hu <
syslog-ng-request@lists.balabit.hu> wrote:Send syslog-ng mailing list submissions to
syslog-ng@lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.balabit.hu/mailman/listinfo/syslog-ng
or, via email, send a message with subject or body 'help' to
syslog-ng-request@lists.balabit.hu
You can reach the person managing the list at
syslog-ng-owner@lists.balabit.hu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of syslog-ng digest..."
Today's Topics:
1. Re: turn off case sensitivity for match regex filter
(Balazs Scheidler)
2. Re: turn off case sensitivity for match regex filter (stucky)
----------------------------------------------------------------------
Message: 1
Date: Sat, 28 Apr 2007 12:42:06 +0200
From: Balazs Scheidler <bazsi@balabit.hu
>
Subject: Re: [syslog-ng] turn off case sensitivity for match regex
filter
To: Syslog-ng users' and developers' mailing list
<syslog-ng@lists.balabit.hu
>
Message-ID: <1177756926.14925.17.camel@bzorp.balabit>
Content-Type: text/plain
On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:
> Guys
>
> Playing around with ng 2 and I started looking at the match filter
> again.
> Simple question that I cannot find an answer to anywhere on the net.
> How do I turn off case sensitivity for the match target ?
> I'd like the following line to match "error' or 'ERROR' or 'Error'
>
> filter logparse { match("error"); };
>
> but of course it only matches 'error' since by default regex is case
> sensitive.
> Basically I'm trying to emulate 'grep -i'
> I guess I could do this :
>
> filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo
> much simpler to turn off case sensitivity.
Yes, you are right. But it's not currently possible. It should be
however, I'll try to add it in the nearfuture.
>
> And while we're talking regex. Shouldn't the above line actually read
> like this :
>
> filter logparse { match(".+error.+"); }; ?
>
> meaning "anything followed by 'error' followed by anything"
> Both appear to work so I assume the first line is interpreted by
> syslog-ng like the second line correct ?
syslog-ng interprets "match" the same as grep, e.g. it does not care
where the pattern is found. if you want to match the beginning or the
end of line, you need to use explicit ^ and $ characters.
--
Bazsi
------------------------------
Message: 2
Date: Sat, 28 Apr 2007 12:44:04 -0700
From: stucky <stucky101@gmail.com>
Subject: Re: [syslog-ng] turn off case sensitivity for match regex
filter
To: "Syslog-ng users' and developers' mailing list"
<syslog-ng@lists.balabit.hu>
Message-ID:
<
30997e260704281244g6f1225bfwc7da2b4e05fdfd9f@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Baszi
Cool. I'm in the middle of building a new infrastructure and would like to
use this feature. I'm not a programmer but I assume adding this feature
shouldn't be very hard at all right ?
If you had a rough ETA that'd help me.
thx
On 4/28/07, Balazs Scheidler <
bazsi@balabit.hu> wrote:
>
> On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:
> > Guys
> >
> > Playing around with ng 2 and I started looking at the match filter
> > again.
> > Simple question that I cannot find an answer to anywhere on the net.
> > How do I turn off case sensitivity for the match target ?
> > I'd like the following line to match "error' or 'ERROR' or 'Error'
> >
> > filter logparse { match("error"); };
> >
> > but of course it only matches 'error' since by default regex is case
> > sensitive.
> > Basically I'm trying to emulate 'grep -i'
> > I guess I could do this :
> >
> > filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo
> > much simpler to turn off case sensitivity.
>
> Yes, you are right. But it's not currently possible. It should be
> however, I'll try to add it in the nearfuture.
>
> >
> > And while we're talking regex. Shouldn't the above line actually read
> > like this :
> >
> > filter logparse { match(".+error.+"); }; ?
> >
> > meaning "anything followed by 'error' followed by anything"
> > Both appear to work so I assume the first line is interpreted by
> > syslog-ng like the second line correct ?
>
> syslog-ng interprets "match" the same as grep, e.g. it does not care
> where the pattern is found. if you want to match the beginning or the
> end of line, you need to use explicit ^ and $ characters.
>
> --
> Bazsi
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
>
https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
--
stucky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070428/c3bdb0f9/attachment.html
------------------------------
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
End of syslog-ng Digest, Vol 24, Issue 32
*****************************************
--
Regards,
Fabian Pucciarelli