Escaping open bracket and close bracket.
Hi all, I am trying to escape open and close brackets using a pattern.xml, but it doesn't works. Logfile comes in the following format: 1133422.221|<someuser@domain1.com|<anotheruser@domain2.com>|1.1.1.1|... I have tried different patterns .. The last one is: <pattern>@ESTRING::|@@ESTRING:.from:<>|@@ESTRING:.to:<>|@@ESTRING::|@</pattern> Any ideas??
Your @ESTRING:.from:<>|@ is specifying that the string must end with <>| but what you really want is a string that ends in |< Did you copy the line correctly. Your virst email address does not have a trailing > You could use @EMAIL:.from:<$gt;|@ which will match the email address and strip off any surrounding < pr > or | characters The first @EMAIL:.from:<$gt;|@ would leave the parsing pointer at the first character of the second email. So your whole pattern would be @ESTRING::|@@@EMAIL:.from:<$gt;|@@EMAIL:.to:<$gt;|@@ESTRING::|@ On 02/26/2014 04:37 AM, C. L. Martinez wrote:
Hi all,
I am trying to escape open and close brackets using a pattern.xml, but it doesn't works. Logfile comes in the following format:
1133422.221|<someuser@domain1.com|<anotheruser@domain2.com>|1.1.1.1|...
I have tried different patterns .. The last one is:
<pattern>@ESTRING::|@@ESTRING:.from:<>|@@ESTRING:.to:<>|@@ESTRING::|@</pattern>
Any ideas?? ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
Yep, many thanks Evan ...I can see where I made a mistake. On Wed, Feb 26, 2014 at 4:57 PM, Evan Rempel <erempel@uvic.ca> wrote:
Your @ESTRING:.from:<>|@
is specifying that the string must end with <>| but what you really want is a string that ends in |<
Did you copy the line correctly. Your virst email address does not have a trailing >
You could use
@EMAIL:.from:<$gt;|@
which will match the email address and strip off any surrounding < pr > or | characters
The first @EMAIL:.from:<$gt;|@ would leave the parsing pointer at the first character of the second email.
So your whole pattern would be
@ESTRING::|@@@EMAIL:.from:<$gt;|@@EMAIL:.to:<$gt;|@@ESTRING::|@
On 02/26/2014 04:37 AM, C. L. Martinez wrote:
Hi all,
I am trying to escape open and close brackets using a pattern.xml, but it doesn't works. Logfile comes in the following format:
1133422.221|<someuser@domain1.com|<anotheruser@domain2.com>|1.1.1.1|...
I have tried different patterns .. The last one is:
<pattern>@ESTRING::|@@ESTRING:.from:<>|@@ESTRING:.to:<>|@@ESTRING::|@</pattern>
Any ideas?? ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
C. L. Martinez
-
Evan Rempel