[syslog-ng] Re: syslog-ng Digest, Vol 24, Issue 32

Fabian Pucciarelli fabiangp at gmail.com
Sun Apr 29 18:25:18 CEST 2007 

I have syslog ng writing to a mysql pipe and then a little script reading
the pipe and writing to the db. I currently receive many messages like the
following, I wonder if somenone can help me figure out what this message is
saying..... thanks.


| mailux | syslog   | notice   | notice | 2d   | 2007-04-13 | 01:16:40 |
syslog-ng | syslog-ng[30548]: Log statistics;
dropped='pipe(/tmp/mysql.pipe)=0', processed='center(queued)=40295',
processed='center(received)=13206', processed='destination(d_mysql)=40295',
processed='source(net_tcp)=0', processed='source(src)=8962',
processed='source(net_udp)=4244'  | 46674 |

On 4/29/07, syslog-ng-request at lists.balabit.hu <
syslog-ng-request at lists.balabit.hu> wrote:
>
> Send syslog-ng mailing list submissions to
>         syslog-ng at lists.balabit.hu
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.balabit.hu/mailman/listinfo/syslog-ng
> or, via email, send a message with subject or body 'help' to
>         syslog-ng-request at lists.balabit.hu
>
> You can reach the person managing the list at
>         syslog-ng-owner at lists.balabit.hu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of syslog-ng digest..."
>
>
> Today's Topics:
>
>    1. Re:  turn off case sensitivity for match regex filter
>       (Balazs Scheidler)
>    2. Re:  turn off case sensitivity for match regex filter (stucky)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 28 Apr 2007 12:42:06 +0200
> From: Balazs Scheidler <bazsi at balabit.hu>
> Subject: Re: [syslog-ng] turn off case sensitivity for match regex
>         filter
> To: Syslog-ng users' and developers' mailing list
>         <syslog-ng at lists.balabit.hu>
> Message-ID: <1177756926.14925.17.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:
> > Guys
> >
> > Playing around with ng 2 and I started looking at the match filter
> > again.
> > Simple question that I cannot find an answer to anywhere on the net.
> > How do I turn off case sensitivity for the match target ?
> > I'd like the following line to match "error' or 'ERROR' or 'Error'
> >
> > filter logparse { match("error"); };
> >
> > but of course it only matches 'error' since by default regex is case
> > sensitive.
> > Basically I'm trying to emulate 'grep -i'
> > I guess I could do this :
> >
> > filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo
> > much simpler to turn off case sensitivity.
>
> Yes, you are right. But it's not currently possible. It should be
> however, I'll try to add it in the nearfuture.
>
> >
> > And while we're talking regex. Shouldn't the above line actually read
> > like this :
> >
> > filter logparse { match(".+error.+"); }; ?
> >
> > meaning "anything followed by 'error' followed by anything"
> > Both appear to work so I assume the first line is interpreted by
> > syslog-ng like the second line correct ?
>
> syslog-ng interprets "match" the same as grep, e.g. it does not care
> where the pattern is found. if you want to match the beginning or the
> end of line, you need to use explicit ^ and $ characters.
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 28 Apr 2007 12:44:04 -0700
> From: stucky <stucky101 at gmail.com>
> Subject: Re: [syslog-ng] turn off case sensitivity for match regex
>         filter
> To: "Syslog-ng users' and developers' mailing list"
>         <syslog-ng at lists.balabit.hu>
> Message-ID:
>         <30997e260704281244g6f1225bfwc7da2b4e05fdfd9f at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Baszi
>
> Cool. I'm in the middle of building a new infrastructure and would like to
> use this feature. I'm not a programmer but I assume adding this feature
> shouldn't be very hard at all right ?
> If you had a rough ETA that'd help me.
>
> thx
>
> On 4/28/07, Balazs Scheidler <bazsi at balabit.hu> wrote:
> >
> > On Sat, 2007-04-28 at 01:52 -0700, stucky wrote:
> > > Guys
> > >
> > > Playing around with ng 2 and I started looking at the match filter
> > > again.
> > > Simple question that I cannot find an answer to anywhere on the net.
> > > How do I turn off case sensitivity for the match target ?
> > > I'd like the following line to match "error' or 'ERROR' or 'Error'
> > >
> > > filter logparse { match("error"); };
> > >
> > > but of course it only matches 'error' since by default regex is case
> > > sensitive.
> > > Basically I'm trying to emulate 'grep -i'
> > > I guess I could do this :
> > >
> > > filter logparse { match("[Ee][Rr][Rr][Oo][Rr]"); }; but it'd be soo
> > > much simpler to turn off case sensitivity.
> >
> > Yes, you are right. But it's not currently possible. It should be
> > however, I'll try to add it in the nearfuture.
> >
> > >
> > > And while we're talking regex. Shouldn't the above line actually read
> > > like this :
> > >
> > > filter logparse { match(".+error.+"); }; ?
> > >
> > > meaning "anything followed by 'error' followed by anything"
> > > Both appear to work so I assume the first line is interpreted by
> > > syslog-ng like the second line correct ?
> >
> > syslog-ng interprets "match" the same as grep, e.g. it does not care
> > where the pattern is found. if you want to match the beginning or the
> > end of line, you need to use explicit ^ and $ characters.
> >
> > --
> > Bazsi
> >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> >
> >
>
>
> --
> stucky
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070428/c3bdb0f9/attachment.html
>
> ------------------------------
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
>
> End of syslog-ng Digest, Vol 24, Issue 32
> *****************************************
>



-- 
Regards,

Fabian Pucciarelli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070429/92be486d/attachment.html

More information about the syslog-ng mailing list