On Tue, 2011-03-29 at 12:15 +0200, Roland Kamke wrote:
Thank you, Robert.
I guess since I only have syslog-ng OSE 3.0.10-1.rhel5 this regexp comparison stuff won't work anyway - that's a pity. I have to use CentOS 5 - do you know some yum repository providing newer OSE versions than 3.0.10-1.rhel5, e.g. OSE 3.3 or 3.2?
Well, with the Open Source stuff, I only compile for a single platform when doing a release because of my limited time to do releases. You are lucky, since the only platform I do release binaries for is Linux, not in RPM format, but rather in a self-extracting archive that supports a number of different Linux distributions.

Here's the installer for 3.2.2: http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.2.2/s...

It'll install in /opt/syslog-ng to avoid interference with system-installed syslog-ng binaries. That's all that the syslog-ng project is providing on its own. We do work with various distributions, however, to update their packages, and I know 3.2 is already available in a number of them (openSUSE, Mandriva, FreeBSD, perhaps others too).

The commercial syslog-ng product (called the Premium Edition), which is doing releases independently from the open source one, has packages for RHEL5 (and 40 other UNIX version/CPU combinations), but their latest release (4.0) is using an older syslog-ng core, thus this new functionality is not yet available there either. The upcoming PE release (4.1), which is going to use an updated OSE core, is expected in Q2 2011, so quite soon now.
Regards, Roland
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Fekete Robert
Sent: Tuesday, 29 March 2011 11:57
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Regexp values in comparison
Hi, yes, you can do such things in syslog-ng OSE 3.2 and 3.3, but not in earlier versions.
Check out https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-gui... for details.
Regards, Robert
On 03/29/2011 10:27 AM, Roland Kamke wrote:
A newbie question: Is it possible to use values matching a regular expression in a comparison?
Imagine I receive messages like this: "Disk usage is 60%", "Disk usage is 80%", etc. All match the regular expression "Disk usage is [0-9]+%". I do not want to log all these messages, but only those where disk usage is at least 75 per cent. Can this be achieved by proper configuration? Where to look in the documentation?

Currently I am stuck with this approach:

    parser p_disk {
        csv-parser(columns("fix.disk","fix.usage", "fix.is", "diskusage")
                   delimiters(" %") );
    };
    filter f_disk_syntax { message("Disk usage is [0-9]+%"); };
    filter f_disk_usage { "$diskusage" > "75" };
    log l_mylog {
        source(...);
        filter(f_disk_syntax);
        parser(p_disk);
        filter(f_disk_usage);
        destination(...);
    };

Is this a useful approach? Can it be accomplished with fewer definitions? The definition of f_disk_usage results in a syntax error. What would be the right syntax?

    filter f_disk_usage { "$diskusage" > "75" };
    filter f_disk_usage { "$diskusage" ge "75" };
    filter f_disk_usage { value("diskusage") > "75" };
    filter f_disk_usage { "$diskusage" > 75};
    filter f_disk_usage { "${diskusage}" > "75" };
    filter f_disk_usage { ${diskusage} > "75" };
Will I need to set up a pattern database to get rid of all unwanted messages?
Thank you Roland
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
-- Bazsi
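
An added example, not part of the thread and not code from the syslog-ng project: a configuration for syslog-ng OSE 3.2 or later (the versions Robert names) that keeps only messages reporting at least 75% disk usage, reusing the parser and syntax filter from Roland's question. The source and destination definitions and their names are placeholder assumptions.

```conf
@version: 3.2

# Placeholder source and destination (assumptions, not from the thread).
source s_local { unix-stream("/dev/log"); };
destination d_disk_alerts { file("/var/log/disk-usage-alerts.log"); };

# Only messages of the expected shape reach the parser.
filter f_disk_syntax { message("Disk usage is [0-9]+%"); };

# Parser from the question: split on space and "%"; the fourth column
# ("diskusage") receives the number.
parser p_disk {
    csv-parser(
        columns("fix.disk", "fix.usage", "fix.is", "diskusage")
        delimiters(" %")
    );
};

# Macro comparison in filters is available from 3.2 on.
# ">=" implements "at least 75" (">" would drop a message reporting exactly 75%).
# The numeric operators (==, !=, <, >, >=) compare the values as numbers.
# The string operators (eq, ne, lt, gt, ge) compare alphabetically, so
# "100" ge "75" is false and a "Disk usage is 100%" message would be dropped.
filter f_disk_usage { "${diskusage}" >= "75" };

log {
    source(s_local);
    filter(f_disk_syntax);
    parser(p_disk);
    filter(f_disk_usage);
    destination(d_disk_alerts);
};
```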