[syslog-ng] Regex subpattern macros [1.9.9]
Vincent Haverlant
vincent at haverlant.org
Wed Mar 8 17:26:23 CET 2006
Le Tue Mar 7 18:18:08 2006, Mel Collins a écrit:
| Hi,
| I'm using syslog-ng's match filter to extract parts of messages for use in
| parts of the destination; specifically in the log file name and template
| sections.
| The messages sent to syslog-ng for this purpose are all of the format:
| "<filename> <message>" (plus whatever sl-ng prepends).
|
| .conf extract:
| filter f_logsplitter { match ("^.*?: ([^ ]*) (.*)$"); };
| destination d_logfiles {
| file ("/our/logs/$1"
| template ("$2\n")
| ...
| etc.
|
| Eg. For the message "root: foo/bar.log some text", the log
| file /our/logs/foo/bar.log gets "some text" appended to it.
|
| Now this seems to work fine for low traffic, but if I send 10k messages in a
| tight loop - either locally or remotely via TCP - $2 contains the wrong
| string for many/most of them, eg:
| 07/03/2006 16:56:34 SEEK #3
| 07/03/2006 16:56:35 SEEK #3
| 07/03/2006 16:56:35 SEEK #3
| 07/03/2006 16:56:35 SEEK #7
| 07/03/2006 16:56:35 SEEK #7
| 07/03/2006 16:56:35 SEEK #7
| 07/03/2006 16:56:35 SEEK #7
| 07/03/2006 16:56:35 SEEK #8
| 07/03/2006 16:56:35 SEEK #11
| 07/03/2006 16:56:35 SEEK #11
| 07/03/2006 16:56:35 SEEK #11
| ...where the #number should be consecutive.
| If I use $MSGONLY, or such, the correct message line is used.
|
| It seems to me like the subpattern macros - $1, $2, etc - aren't maintained
| on a per-message basis, but are global..?
| Given that they aren't documented (that I can find), are the presence of $1,
| etc. an unintended side-effect of using a regex? Am I doing something I
| shouldn't by using them?
| Or did I find me a bug? ;o)
In fact It looks like the same problem I raised about syslog-ng missing
messages. I have the exact same probleme except that I am not using
pattern matching....
Vincent.
--
.~. Vincent Haverlant -- Galadril -- #ICQ: 35695155
/V\ MSN: vincent_msn at haverlant.org -- http://www.haverlant.org/
/( )\ Parinux member: http://www.parinux.org/
^^-^^ GPG: 8FEA 52C2 5C54 A201 2375 0FA5 AF2E 1881 92D0 EE84
More information about the syslog-ng
mailing list