Hi, Phusion <phusion2k@gmail.com> [20070111 12:14:23 -0600]:
I need some help in my config file using regular expressions. This filter is for http requests from Apache. I am trying to get this filter to catch the following two types of messages.
httpd[....] and /websites/abc/test logger: and test.abc.com
I have tried the following.
filter fd_httpd_test.abc.com { match("httpd[\[0-9]+\]") and match("/websites/abc/test") or match("logger:") and match("test.abc.com"); };
I also tried this.
filter fd_httpd_test.abc.com { match("httpd[\[0-9]+\]*/websites/abc/test") or match("logger:*test.abc.com"); };
Time to brush up on your regex. There are a bunch of 'special' characters that need to be escaped (with a backslash '\') if you want to explicitly look for them. * '.' means any character * '/' means, well its hard to explain but its used to make the regex perform a function * '[' and ']' are used to say things like "one character for the list contained within the square brackets. So '[abc]' would say a single instance of either 'a', 'b' or 'c' A good starting point would be to have a look at: http://www.regular-expressions.info/quickstart.html I'm guessing the following will match: filter fd_httpd_test.abc.com { ( match("httpd\[[0-9]+\]:") and match("\/websites\/abc\/test") ) and ( match("logger:") and match("test\.abc\.com") ); }; Cheers Alex