[syslog-ng] match(regex) problem
Staszek Pitucha
viraptor at kni.prz.rzeszow.pl
Sat Dec 17 22:14:17 CET 2005
Hello
I've tried to setup some filters lately (v1.9.7).
There's a problem with regex character ^. For example I want to filter
out "Accepted password" and my home ip from sshd logs, so I setup:
filter f_sshd {
(program("sshd") and not (
(match("Accepted password") and match("from 123\.456\.789\.012")) or
// other rules
)) or
not program("sshd");
};
Works ok, but I want to filter only messages starting with "Accepted
password", but "^Accepted password" doesn't work.
Yes - I know - don't use ^, so it's faster. Anyway - "^Accepted" should
work as a match pattern and it doesn't. (it should match only the "text"
part of message, am I right?)
TIA
More information about the syslog-ng
mailing list