[syslog-ng] Question on match() expression
Antai Ning
aning@jetnet.ca
Fri, 19 Oct 2001 10:51:30 -0400
Hi there,
I know I should search the archive first before I ask. So I did that and
here is the question that I haven't found an answer...
I want to create a filter to capture certain messages from syslog. The
message I want to match is something like this: "[out-proxy]: tcp from
192.168.10.28-3933 to 216.191.40.60-80 established". I tried
1. match("\[out-proxy\]: .*tcp from .* to .*-80 established");
2. match("\[out-proxy]: .*tcp from .* to .*-80 established");
3. match("[out-proxy]: .*tcp from .* to .*-80 established");
4. match(".*out-proxy.*: .*tcp from .* to .*-80 established");
Only #4 works. It seems that it doesn't understand "[" and "]" and esc "\". I
want an exact match for "[out-proxy]" anyway. So how to do that?
Thanks in advance!
Andy
Internetworking Applications Engineer
JETNET InternetWorking Services Inc.
Email : aning@jetnet.ca
Web : http://www.jetnet.ca
Phone : (613) 237-5995 x 369
Fax : (613) 271-6229
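
Added example, not part of the original post: a Python check that runs the four attempts against the sample line and against two constructed lines a strict filter should reject. Python's `re` stands in for the regex engine syslog-ng uses, and `strip_one_escape_level` models a hypothetical config-string unescaping step; both are assumptions.

```python
import re

# Sample line from the post, plus constructed lines that must NOT match.
SAMPLE = "[out-proxy]: tcp from 192.168.10.28-3933 to 216.191.40.60-80 established"
NEGATIVES = [
    "[not-out-proxy-2]: tcp from 10.0.0.5-1025 to 10.0.0.9-80 established",  # constructed
    "[out-proxy]: tcp from 10.0.0.5-1025 to 10.0.0.9-8080 established",      # constructed
]

# The four patterns exactly as written between the quotes in the post.
ATTEMPTS = {
    1: r"\[out-proxy\]: .*tcp from .* to .*-80 established",
    2: r"\[out-proxy]: .*tcp from .* to .*-80 established",
    3: r"[out-proxy]: .*tcp from .* to .*-80 established",
    4: r".*out-proxy.*: .*tcp from .* to .*-80 established",
}

def strip_one_escape_level(text):
    """Hypothetical quoting layer (assumption): backslash+char becomes char."""
    return re.sub(r"\\(.)", r"\1", text)

def evaluate(pattern):
    """Return 'invalid', or (matches_sample, false_positive_count)."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return "invalid"
    hits = sum(1 for line in NEGATIVES if rx.search(line))
    return (rx.search(SAMPLE) is not None, hits)

def report():
    """Evaluate each attempt verbatim and after the hypothetical unescaping."""
    out = {}
    for num, pat in ATTEMPTS.items():
        out[num] = {
            "verbatim": evaluate(pat),
            "unescaped": evaluate(strip_one_escape_level(pat)),
        }
    return out

if __name__ == "__main__":
    for num, result in report().items():
        print(num, result)
```

Under these assumptions, an unescaped `[out-proxy]` is rejected as a bracket expression with a reversed range (`t-p`), while attempt 4 also accepts the constructed line from a different tag.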