[syslog-ng] turn off case sensitivity for match regex filter

stucky stucky101 at gmail.com
Sat Apr 28 21:44:04 CEST 2007


Baszi

Cool. I'm in the middle of building a new infrastructure and would like to
use this feature. I'm not a programmer but I assume adding this feature
shouldn't be very hard at all right ?
If you had a rough ETA that'd help me.

thx

On 4/28/07, Balazs Scheidler <bazsi at balabit.hu> wrote:
>
> On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:
> > Guys
> >
> > Playing around with ng 2 and I started looking at the match filter
> > again.
> > Simple question that I cannot find an answer to anywhere on the net.
> > How do I turn off case sensitivity for the match target ?
> > I'd like the following line to match "error' or 'ERROR' or 'Error'
> >
> > filter logparse { match("error"); };
> >
> > but of course it only matches 'error' since by default regex is case
> > sensitive.
> > Basically I'm trying to emulate 'grep -i'
> > I guess I could do this :
> >
> > filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo
> > much simpler to turn off case sensitivity.
>
> Yes, you are right. But it's not currently possible. It should be
> however, I'll try to add it in the nearfuture.
>
> >
> > And while we're talking regex. Shouldn't the above line actually read
> > like this :
> >
> > filter logparse { match(".+error.+"); }; ?
> >
> > meaning "anything followed by 'error' followed by anything"
> > Both appear to work so I assume the first line is interpreted by
> > syslog-ng like the second line correct ?
>
> syslog-ng interprets "match" the same as grep, e.g. it does not care
> where the pattern is found. if you want to match the beginning or the
> end of line, you need to use explicit ^ and $ characters.
>
> --
> Bazsi
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>


-- 
stucky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070428/c3bdb0f9/attachment.htm


More information about the syslog-ng mailing list