Hello,
targeted string is "unknown[a.b.c.d]"
my filter:
filter f_conn_from_unk_private { not match ("unknown\[(10\.1\.|10\.2\.|10\.10\.5\.|192\.168\.200)"); };
error:
Error compiling regular expression; re='[(10.1.|10.2.|10.10.5.|192.168.200)', error='brackets ([ ]) not balanced'
I can't confirm this behaviour, as the following does work for me:
filter f_internal_statistics { match("^syslog-ng\[[[:digit:]]+.: STATS") or match ("^syslog-ng\[[[:digit:]]+\]: Log statistics"); };
What syslog-ng version are you using? Mine is 2.0.9
Installed with FreeBSD pkg_add from freshports.org, pkg_info shows: "syslog-ng2-2.0.9_1 A powerful syslogd replacement" I conclude that I've found a bug in the parsing of the escape sequence "\[" , and will look for a work around. thanks, Len ______________________________________________ IMGate OpenSource Mail Firewall www.IMGate.net