You can find something about regular expression (regexp) here http://en.wikipedia.org/wiki/Regular_expression , http://www.greenend.org.uk/rjk/2002/06/regexp.html , or just search the web. The syslog-ng archive is browsable here : https://lists.balabit.hu/pipermail/syslog-ng/ About your regexp, i have not tried it but probably you could write something like ".*-fw-.*[13]$" Amodiovalerio [Hypo] Verde ----- Original Message ----- From: "Treptow, Craig" <Treptow.Craig@principal.com> To: "Syslog-Ng List (E-mail)" <syslog-ng@lists.balabit.hu> Sent: Monday, February 23, 2004 6:47 PM Subject: [syslog-ng]host() regular expressions

Hi folks. I just started running syslog-ng in test mode while I work out some issues and experiment. The version is 1.6.2 running on Solaris 8.

I'm attempting to match subsets of hostnames like this:

corp1-fw-pbx-1 corp1-fw-pbx-2 indharrisburg1pa-fw-1

I've been trying to match firewalls with names ending in 1 or 3, but am having no success:

.*-fw-.*[12]

filter f_testnotify { (host("/.*\-fw\-.*(1|3)")) and (match("denied")); };

The reference documentation doesn't seem to cover this in detail. If somebody could help me, or point me to some more detailed documentation, I would appreciate it.

Also, are the archives to this list searchable? I haven't been able to find that either.

Thanks,

Craig _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html