[syslog-ng]host() regular expressions
Treptow, Craig
syslog-ng@lists.balabit.hu
Mon, 23 Feb 2004 13:34:02 -0600
>You can find something about regular expression (regexp) here
>http://en.wikipedia.org/wiki/Regular_expression ,
>http://www.greenend.org.uk/rjk/2002/06/regexp.html , or just=20
>search the web.
>
>The syslog-ng archive is browsable here :
>https://lists.balabit.hu/pipermail/syslog-ng/
>
>About your regexp, i have not tried it but probably you could write
>something like ".*-fw-.*[13]$"
Thanks. I got it working with:
filter f_testnotify {
(host(".*\-fw\-.*\-(1|3)")) and
(match("denied"));
};
I did find the link to browse the messages, but would rather have done =
an exhaustive search before posting my question.
Thanks for your reply!
Craig