Hello, By simple you mean you want a more compact regular expression ? Just shortening you could do something like this: "AAA-6-AAA_ACCOUNTING_MESSAGE: [^@]+@[^:]+:[^:]+:[a-zA-Z]+ user" But this would match your example fine: "AAA-6-AAA_ACCOUNTING_MESSAGE: .+:[a-zA-Z]+ user". Do you have pattern that you do not want to match ? Is there any description about the message format that you want to match ? As I would try to build a regex for that instead guessing. -- Kokan On Sat, Mar 2, 2019 at 11:28 PM Lin, Victor <victor.lin@rbc.com> wrote:
Thanks a lot Kokan!!!!!
I got the result :-)
One more question For the following two %AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.200.210@pts/0:syslogtest:deleted user victor %AAA-6-AAA_ACCOUNTING_MESSAGE: update:10.94.201.173@pts/0:syslogtest:added user victor
I try to use the following regex to match the text in red color, it shows works.
AAA-6-AAA_ACCOUNTING_MESSAGE: [a-zA-Z0-9]+:[0-9.]+@[a-zA-Z0-9]+\/[a-zA-Z0-9]+:[a-zA-Z0-9]+:[a-zA-Z]+ user
Is there a simple way to math " update:10.94.200.210@pts/0:syslogtest:"
Thank you very much again‼‼!
VL
-----Original Message----- From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu <syslog-ng-bounces@lists.balabit.hu>] On Behalf Of syslog-ng-request@lists.balabit.hu Sent: 2019, March, 01 7:00 AM To: syslog-ng@lists.balabit.hu Subject: syslog-ng Digest, Vol 167, Issue 1
Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit https://lists.balabit.hu/mailman/listinfo/syslog-ng or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu
You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu
When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..."
Today's Topics:
1. unofficial syslog-ng 3.20 packages for Debian/Ubuntu (Laszlo Budai) 2. Re: How to use regex in syslog-ng.conf (Péter) 3. Re: How to use regex in syslog-ng.conf (Fabien Wernli)
----------------------------------------------------------------------
Message: 1 Date: Fri, 1 Mar 2019 10:09:03 +0000 From: Laszlo Budai <laszlo.budai@outlook.com> To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] unofficial syslog-ng 3.20 packages for Debian/Ubuntu Message-ID: < VI1PR0601MB2237CC24E8908466F6ABC1B38E760@VI1PR0601MB2237.eurprd06.prod.outlook.com
Content-Type: text/plain; charset="iso-8859-1"
Hi,
syslog-ng 3.20.1[1] packages are available in OBS repo[2].
List of supported OSs: * Debian 8.0 * Debian 9.0 [including armv7l] * Ubuntu 14.04 * Ubuntu 16.04 * Ubuntu 16.10 * Ubuntu 17.04 * Ubuntu 17.10 * Ubuntu 18.04 * Ubuntu 18.10
Install -------
example: Debian 9.0
1. get release key wget -qO - http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/Debi... | sudo apt-key add -
2. add repo to APT sources eg.: /etc/apt/sources.list.d/syslog-ng-obs.list deb http://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/Debi... ./
Then `apt-get update` and `apt-get install syslog-ng-core`
Links -------- [1] https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.20.1 [2] https://build.opensuse.org/package/show/home:laszlo_budai:syslog-ng/syslog-n...
regards, Laszlo Budai