[syslog-ng]RegExp filters / match ?

Brian Ipsen syslog-ng@lists.balabit.hu
Wed, 25 Jun 2003 11:45:37 +0200


Hi!

 I'm trying to mask out snmptrap from different hosts.... I've created:

filter f_snmptrapd_test   { program(snmptrapd) and
           match("snmptrapd\[[0-9]{1,5}\]: (192.168.0.230|192.168.0.231|192.168.1.230|192.168.1.231|192.168.1.232): "); };

The question is just the match() statement.... Is snmptrapd included for
usage with match (since snmptrapd is the program) ? If not, how much of the
message below is the string used for the regular expression with match() ?

Jun 25 11:26:56 sigma snmptrapd[16138]: 192.168.1.230: Enterprise Specific Trap (1) Uptime: 121 days, 21:32:17.60, OLD-CISCO-TS-MIB::tslineSesType.1.1 = INTEGER: telnet(5), RFC1213-MIB::tcpConnState.192.168.1.230.23.192.168.1.178.43819 = INTEGER: synReceived(4), OLD-CISCO-TCP-MIB::loctcpConnElapsed.192.168.1.230.23.192.168.1.178.43819 = Wrong Type (should be Timeticks): INTEGER: 1150, OLD-CISCO-TCP-MIB::loctcpConnInBytes.192.168.1.230.23.192.168.1.178.43819 = INTEGER: 110, OLD-CISCO-TCP-MIB::loctcpConnOutBytes.192.168.1.230.23.192.168.1.178.43819 = INTEGER: 420, OLD-CISCO-TS-MIB::tsLineUser.1 = ""

Or how do I mask traps from specific hosts into a separate logfile ?

Regards,

/Brian
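
The scoping question above can be checked offline. The following is an added example, not part of the original post and not syslog-ng code: it splits the sample line into the text regions a filter could plausibly be handed and reports where the posted pattern matches. Which region match() actually receives is not stated in the post; the region names, `MSG_ONLY` and the helper functions are assumptions made for illustration, and Python's `re` stands in for the regex engine.

```python
import re

# Constructed from the sample line in the post (trap varbinds shortened).
SAMPLE = ("Jun 25 11:26:56 sigma snmptrapd[16138]: 192.168.1.230: "
          "Enterprise Specific Trap (1) Uptime: 121 days, 21:32:17.60")

# The pattern from the post, rejoined onto one line.
POSTED = (r"snmptrapd\[[0-9]{1,5}\]: (192.168.0.230|192.168.0.231|"
          r"192.168.1.230|192.168.1.231|192.168.1.232): ")

# Hypothetical variant for the case where only the message text is matched:
# no program tag, anchored at the start, dots escaped so "." is literal.
HOSTS = ["192.168.0.230", "192.168.0.231", "192.168.1.230",
         "192.168.1.231", "192.168.1.232"]
MSG_ONLY = r"^(" + "|".join(re.escape(h) for h in HOSTS) + r"): "

# BSD syslog layout: "Mmm dd hh:mm:ss host program[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) "
                     r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

def scopes(line):
    """Return the candidate text regions a regex filter might be applied to."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a BSD-syslog formatted line")
    return {"full_line": line,
            "tag_and_message": line[m.start("program"):],
            "message_only": m.group("msg")}

def evaluate(pattern, line):
    """Map each candidate region to whether the pattern matches inside it."""
    rx = re.compile(pattern)
    return {name: bool(rx.search(text)) for name, text in scopes(line).items()}

if __name__ == "__main__":
    for label, pat in (("posted", POSTED), ("message-only", MSG_ONLY)):
        print(label, evaluate(pat, SAMPLE))
```

The posted pattern only matches in regions that still contain the `snmptrapd[pid]:` tag, while the anchored variant only matches when the text begins at the sender address, so running both against a real line shows which form a given filter scope requires.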