How to use regex in syslog-ng.conf
Dear all,
I am trying to use regex in syslog-ng.conf without success :(
Below is from my filter
match("cmd=username toto privilege 15", value("MESSAGE"));
Could you please let me know how I could replace username toto with regex? Tried /w+, but it didn't pass through.
Thank you very much for your instruction!
VL
_______________________________________________________________________
If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference.
Hello,
Based on your example one possible solution could be: match("cmd=username [a-z]+ privilege 15" value("MESSAGE"));
You could also check out the syslog-ng administrator guide, it covers a lot of possibilities: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edit...
--
Kokan
On Thu, Feb 28, 2019 at 3:50 PM Lin, Victor <victor.lin@rbc.com> wrote:
Dear all,
I am trying to use regex in syslog-ng.conf without success :(
Below is from my filter
match("cmd=username toto privilege 15", value("MESSAGE"));
Could you please let me know how I could replace username toto with regex? Tried /w+, but it didn't pass through.
Thank you very much for your instruction!
VL
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On Fri, Mar 01, 2019 at 11:34:00AM +0100, Péter, Kókai wrote:
Hello,
Based on your example one possible solution could be: match("cmd=username [a-z]+ privilege 15" value("MESSAGE"));
You could also check out the syslog-ng administrator guide, it covers a lot of possibilities: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edit...
Also, prefer single quotes over double quotes: it will make escaping easier.
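
The quoting advice above, written out as an added example that is not part of the thread: the same filter in single and double quotes, using the regex class \S+ (one or more non-whitespace characters) for the user name. The filter, destination and source names and the file path are hypothetical, and s_network is assumed to be defined elsewhere in the configuration.

```conf
# Added example; all object names and the file path are hypothetical.

# Single quotes: the string is taken literally, so regex escapes such as
# \S or \w reach the regex engine unchanged.
filter f_priv15_user_create {
    match('cmd=username \S+ privilege 15' value("MESSAGE"));
};

# Double quotes: the backslash is an escape character inside the string,
# so every regex backslash has to be doubled to survive parsing.
filter f_priv15_user_create_dq {
    match("cmd=username \\S+ privilege 15" value("MESSAGE"));
};

# Route messages that create a privilege 15 user to their own file so
# they can be reviewed or alerted on separately.
destination d_priv15 {
    file("/var/log/priv15-user-create.log");
};

log {
    source(s_network);              # assumed to exist elsewhere
    filter(f_priv15_user_create);
    destination(d_priv15);
};
```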
participants (3)
- Fabien Wernli
- Lin, Victor
- Péter, Kókai