[syslog-ng] turn off case sensitivity for match regex filter
Balazs Scheidler
bazsi at balabit.hu
Sat Apr 28 12:42:06 CEST 2007
On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:
> Guys
>
> Playing around with ng 2 and I started looking at the match filter
> again.
> Simple question that I cannot find an answer to anywhere on the net.
> How do I turn off case sensitivity for the match target ?
> I'd like the following line to match "error' or 'ERROR' or 'Error'
>
> filter logparse { match("error"); };
>
> but of course it only matches 'error' since by default regex is case
> sensitive.
> Basically I'm trying to emulate 'grep -i'
> I guess I could do this :
>
> filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo
> much simpler to turn off case sensitivity.
Yes, you are right. But it's not currently possible. It should be
however, I'll try to add it in the nearfuture.
>
> And while we're talking regex. Shouldn't the above line actually read
> like this :
>
> filter logparse { match(".+error.+"); }; ?
>
> meaning "anything followed by 'error' followed by anything"
> Both appear to work so I assume the first line is interpreted by
> syslog-ng like the second line correct ?
syslog-ng interprets "match" the same as grep, e.g. it does not care
where the pattern is found. if you want to match the beginning or the
end of line, you need to use explicit ^ and $ characters.
--
Bazsi
More information about the syslog-ng
mailing list