Balazs Scheidler <bazsi@balabit.hu> writes:
On Thu, 2011-12-15 at 08:53 -0500, vincent@ragosta.net wrote:
Is it possible to specify a restriction on the minimum length of a syslog message? We often receive small, malformed messages that we do not want to transmit.
Right now it isn't. Maybe if you could match against them with a regexp, though that could be expensive. IIRC PCRE has repetition count limits, so you could do something like:
To match for maximum 16 characters.
filter f_malformed { match('.{,16}'); };
I'm not sure about the syntax though.
Another option is to write a template function that returns the string length, and combine that with $(if). So we'd end up with something like this: f_malformed { match ('-', value ("$(if ($(length "${MSG}") <= 16) "-" "+")")); }; The if would return - if the message is shorter or equal to 16 chars, + otherwise, and the match would match only those that are -. This might be faster than the regexp trick, but requires writing the length template function. Doing so would be very easy though, about 10 lines of code or so. -- |8]