Bazsi -

Thank you for taking the time to look at my situation.

> Also, I can see that you tried to escape the dot, right after "10", but
> you only used a single escape, which escapes for syslog-ng, but doesn't
> embed a backslash for the regexp parser.

"10\.\d+\.\d*[0-4]\." (kiwi) -> "10\.\\d+\.\\d*[0-4]\." (syslog-ng)

I am escaping a literal "." in the IP address (I want to match on "10." specifically.)


> This reminds me to an unrelated note, that if you use single quotes in
> syslog-ng, you don't need to escape the backslash, e.g.

> match("\\.") is equivalent to match('\.')

This is great to know!  Sure cleans up some of my filters.  Thanks!

> Another unrelated note is that syslog-ng supports PCRE regular
> expressions if you have that compiled in, PCRE supports \d, and you can
> use it like this:

> match('10\.\d+' type(pcre));

Unfortunately, this didn't work either, so PCRE must not be compiled in on my system.  However, THIS works!

'10\.[[:digit:]]+\.[[:digit:]]*[0-4]\.'

Thanks again!

Phil

Notice: This e-mail message and its attachments are the property of Wendy's/Arby's Group Inc. 
or one of its subsidiaries and may contain confidential or legally privileged information intended
solely for the use of the addressee(s). If you are not an intended recipient, then any use, copying or
distribution of this message or its attachments is strictly prohibited. If you received this message in
error, please notify the sender and delete this message entirely from your system.