Thanks for taking a look. The regexes should all be quite fast since they are anchored to the start of the buffer, but I didn't see if they could be combined into a single regex. I was mainly curious as to whether there was another (faster) way other than the condition() parameter for rewrite().

On Tue, Feb 7, 2012 at 10:27 AM, Gergely Nagy <algernon@balabit.hu> wrote:
Martin Holste <mcholste@gmail.com> writes:
Well, you're certainly welcome to write a Cisco parser, but in my situation, I can't filter by IP since I don't know what IPs will be Cisco.
I see. Then perhaps a parser + filter combo would do the trick for you. By the looks of it, all three types of messages are reasonably easy and fast to identify.
I'll see what I can do. I'll also have a look at the regexps you posted, as speeding those up, if possible, would provide a more immediate improvement. :)
-- |8]