[syslog-ng] match text within message
Roberto Nibali
ratz at tac.ch
Mon Oct 3 15:28:30 CEST 2005
> "Message: %PIX-51-100908: Teardown UDP connection 30292827 for
> THEFORCEVPN:123.45.678.91/3130 to inside:987.65.4.3/53 duration.......etc.."
>
> "Message: %PIX-51-070605: Teardown UDP connection 26252423 for
> ISSTRONGVPN:111.21.314.15/3130 to inside:987.65.4.4/53
> <http://210.65.4.4/53> duration.......etc.."
>
> I am trying to match 987.65.4.3 or 987.65.4.3/53 and 987.65.4.4
match A or A/B and C
I (boldly) presume you want:
match A/B or C/B
> <http://210.65.4.4>. Here is my syntax:
>
> filter f_pix { match(PIX) and not match("987.65.4.3") and not
> match("987.65.4.4 <http://210.65.4.4>"); };
So you write:
match PIX and not A and not B
> Any suggestions?
filter f_pix {
match("PIX") and match("987.65.4.[34]");
};
This could do the trick for you. Of course assuming my interpretation of
your wish is correct. But it should get you on the right path anyway.
As a sidenote: Please try not to send html messages in your emails, one
of the reasons can be seen when looking at my reply above (the http://
stuff).
Best regards,
Roberto Nibali, ratz
--
-------------------------------------------------------------
addr://Kasinostrasse 30, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG Wir sichern Ihren Erfolg
-------------------------------------------------------------
More information about the syslog-ng
mailing list