I have syslog ng writing to a mysql pipe and then a little script reading the pipe and writing to the db. I currently receive many messages like the following, I wonder if somenone can help me figure out what this message is saying..... thanks. | mailux | syslog | notice | notice | 2d | 2007-04-13 | 01:16:40 | syslog-ng | syslog-ng[30548]: Log statistics; dropped='pipe(/tmp/mysql.pipe)=0', processed='center(queued)=40295', processed='center(received)=13206', processed='destination(d_mysql)=40295', processed='source(net_tcp)=0', processed='source(src)=8962', processed='source(net_udp)=4244' | 46674 | On 4/29/07, syslog-ng-request@lists.balabit.hu < syslog-ng-request@lists.balabit.hu> wrote:

Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit https://lists.balabit.hu/mailman/listinfo/syslog-ng or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu

You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu

When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..."

Today's Topics:

1. Re: turn off case sensitivity for match regex filter (Balazs Scheidler) 2. Re: turn off case sensitivity for match regex filter (stucky)

----------------------------------------------------------------------

Message: 1 Date: Sat, 28 Apr 2007 12:42:06 +0200 From: Balazs Scheidler <bazsi@balabit.hu> Subject: Re: [syslog-ng] turn off case sensitivity for match regex filter To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Message-ID: <1177756926.14925.17.camel@bzorp.balabit> Content-Type: text/plain

On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:

...

Guys

Playing around with ng 2 and I started looking at the match filter again. Simple question that I cannot find an answer to anywhere on the net. How do I turn off case sensitivity for the match target ? I'd like the following line to match "error' or 'ERROR' or 'Error'

filter logparse { match("error"); };

but of course it only matches 'error' since by default regex is case sensitive. Basically I'm trying to emulate 'grep -i' I guess I could do this :

filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo much simpler to turn off case sensitivity.

Yes, you are right. But it's not currently possible. It should be however, I'll try to add it in the nearfuture.

...

And while we're talking regex. Shouldn't the above line actually read like this :

filter logparse { match(".+error.+"); }; ?

meaning "anything followed by 'error' followed by anything" Both appear to work so I assume the first line is interpreted by syslog-ng like the second line correct ?

syslog-ng interprets "match" the same as grep, e.g. it does not care where the pattern is found. if you want to match the beginning or the end of line, you need to use explicit ^ and $ characters.

-- Bazsi

------------------------------

Message: 2 Date: Sat, 28 Apr 2007 12:44:04 -0700 From: stucky <stucky101@gmail.com> Subject: Re: [syslog-ng] turn off case sensitivity for match regex filter To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Message-ID: <30997e260704281244g6f1225bfwc7da2b4e05fdfd9f@mail.gmail.com> Content-Type: text/plain; charset="utf-8"

Baszi

Cool. I'm in the middle of building a new infrastructure and would like to use this feature. I'm not a programmer but I assume adding this feature shouldn't be very hard at all right ? If you had a rough ETA that'd help me.

thx

On 4/28/07, Balazs Scheidler <bazsi@balabit.hu> wrote:

...

On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:

...

Guys

Playing around with ng 2 and I started looking at the match filter again. Simple question that I cannot find an answer to anywhere on the net. How do I turn off case sensitivity for the match target ? I'd like the following line to match "error' or 'ERROR' or 'Error'

filter logparse { match("error"); };

but of course it only matches 'error' since by default regex is case sensitive. Basically I'm trying to emulate 'grep -i' I guess I could do this :

filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo much simpler to turn off case sensitivity.

Yes, you are right. But it's not currently possible. It should be however, I'll try to add it in the nearfuture.

...

And while we're talking regex. Shouldn't the above line actually read like this :

filter logparse { match(".+error.+"); }; ?

meaning "anything followed by 'error' followed by anything" Both appear to work so I assume the first line is interpreted by syslog-ng like the second line correct ?

syslog-ng interprets "match" the same as grep, e.g. it does not care where the pattern is found. if you want to match the beginning or the end of line, you need to use explicit ^ and $ characters.

-- Bazsi

_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

-- stucky