[syslog-ng]Regular Expressions with Syslog-nt

Balazs Scheidler bazsi@balabit.hu
Mon, 4 Feb 2002 16:01:47 +0100

On Wed, Jan 30, 2002 at 01:50:18PM -0600, Leon Oosterwijk wrote:
> All, 
> I'm trying to use Regular Expressions for my hostname. I'm running into
> somewhat of a problem with finding out what I can match on. Here are my
> questions. 
> I appears that the logging only matches on the host portion of the hostname
> unless you turn on use_fqdn(yes); in the options section. However, if I turn
> this on, it will start writing the entries to the log file as:
> > Jan 30 13:19:15 gw03-bna.isdn.net/gw03-bna.isdn.net
> I wish it to only write 
> > Jan 30 13:19:15 gw03-bna/gw03-bna
> But still be able to match on FQDN. 
> (BTW, what is the deal with the hostname/hostname. Can I make it just be
> "hostname" no slashes, and name duplication)

it is a new style of hostname logging, and is useful if you have several
relays. Each relay records its hostname in the hostname, so you know the
path the message traversed. To turn it off use the chain_hostnames(off)
global option.

> The second issue is the RegEx Syntax. I'm trying this:
> filter f_rtr_bna { host("^.*rtr.nrep.bna.isdn.net$");   };
> filter f_rtr_mem { host("^.*mem.isdn.net$");   };
> Which is obviously not working. What do need to do here?

you are right about the hostname behaviour. you can match the same hostname
which is in the logfiles. It wouldn't be too difficult to implement this

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1