[syslog-ng]using ^ and/or $ in a regular expression match
Christian Korschan
Christian.Korschan@CTBTO.ORG
Tue, 2 Oct 2001 06:32:54 +0000 (GMT)
On Tue, 2 Oct 2001, Masahiro Hirako wrote:
> Hello, I've just begun using syslog-ng 1.4.12.
> Excuse me if the following problem is a FAQ, but I couldn't find an
> answer from the log, manual, reference.
>
> On Thu, 14 Jun 2001, nick nick@digitalwest.net wrote about the match()
> function problem, and I also have the similar one.
> (http://lists.balabit.hu/pipermail/syslog-ng/2001-June/001584.html)
>
> The problem is '*' '?', or '+' in match() function.
> The following filter below seems to fail.
>
> -------------------------------
> filter f1 { match("abc*");};
> ---------------------------------
>
> I also tried match("abc\*"), match("abc\\*"), but those didn't work
> too.
> I know match("abc") is enough to resolve the sample problem, and it
> worked, but I want to make a filter like "abc*:xyz".
>
> Dose the match() function really resolve the regular expression?
> Or is the way I use match() wrong?
>
Hmm - I assume you want to match "abc*:xyz":
try match("abc.*") or match("abc.*:xyz")
to be really exact you can try match("^abc.*:xyz$")
Not that ".*" matches 0 or more characters, "\*" would match exactly
one "*"
See regexp(5) (section may differ in your case)
regards
--
Christian Korschan Systems Specialist CTBTO/IDC
Vienna International Centre Email: Christian.Korschan@CTBTO.ORG
P.O. BOX 1200 Phone: +43(1)26030 6184
A-1400 Vienna, Austria FAX: +43(1)26030 5932