[syslog-ng]regex and priority(local7) question
cdowns
syslog-ng@lists.balabit.hu
Mon, 01 Mar 2004 11:11:03 -0600
Good Morning,
Im new to the list and have a couple questions.
I have a PIX firewalls logging on local7.info, how can I match this
correctly ? I also have switches logging on local7.info but I need this
one pix removed and placed into its own destination.
Where can i get a list of the regex syntax used in syslog-ng ? like
perl / awk / grep etc.. .
Here is what I currently have:
------ Snip -------
## Regex
filter f_fw01 {
host("x.x.x.x") and match("PIX");
};
filter f_fw02 {
host("x.x.x.x") and match("PIX");
};
filter f_fw03 {
host("x.x.x.x") and match("PIX");
};
filter f_fw04 {
host("x.x.x.x") and match("PIX");
};
#!!! not working yet.. .
filter f_pix{
facility(local7) and match("%PIX*");
};
filter f_iss {
match("issDaemon");
};
filter f_snmp {
match("ucd-snmp");
};
## everything else incoming
filter f_local7 { facility(local7); };
----- snip ------
TIA.
~!>D