[syslog-ng] turn off case sensitivity for match regex filter

stucky stucky101 at gmail.com
Mon Apr 30 20:10:57 CEST 2007


Thanks very much for the quick fix!
I tried today's snapshot and it seems to work.

regards

On 4/29/07, Balazs Scheidler <bazsi at balabit.hu> wrote:
>
> On Sat, 2007-04-28 at 12:44 -0700, stucky wrote:
> > Bazsi
> >
> > Cool. I'm in the middle of building a new infrastructure and would
> > like to use this feature. I'm not a programmer but I assume adding
> > this feature shouldn't be very hard at all, right?
> > If you had a rough ETA that'd help me.
>
> The attached patch implements it using Perl-like syntax, e.g.:
>
> filter f_case { match('(?i)regexp'); };
>
> It works in all filters that use regexps (e.g. match, host, program,
> etc.). The regexp must begin with '(?', otherwise the flag will not be
> recognized.
>
> Tomorrow's snapshot should contain it.
>
> >From 47f53555268efb72ab8db2d620d7669b8e5dc7a4 Mon Sep 17 00:00:00 2001
> From: Balazs Scheidler <bazsi at balabit.hu>
> Date: Sun, 29 Apr 2007 18:53:46 +0200
> Subject: [PATCH] added support for Perl-like regexp flags to support
> case-ignoring matches
>
> 2007-04-28  Balazs Scheidler <bazsi at balabit.hu>
>
>         * src/filter.c (filter_re_compile): parse '(?i)' at the beginning
> of
>         regexps as an ignore-case flag, just like Perl does
> ---
> src/filter.c              |   34 +++++++++++++++++++++++++++++++---
> tests/unit/test_filters.c |    5 +++++
> 2 files changed, 36 insertions(+), 3 deletions(-)
>
> diff --git a/src/filter.c b/src/filter.c
> index 8e19440..cf7e3aa 100644
> --- a/src/filter.c
> +++ b/src/filter.c
> @@ -230,11 +230,39 @@ typedef struct _FilterRE
> } FilterRE;
>
> static gboolean
> -filter_re_compile(const char *re, regex_t *regex)
> +filter_re_compile(const gchar *re, regex_t *regex)
> {
> -  int rc;
> +  gint rc;
> +  const gchar *re_comp = re;
> +  gint flags = REG_EXTENDED;
>
> -  rc = regcomp(regex, re, REG_EXTENDED);
> +  if (re[0] == '(' && re[1] == '?')
> +    {
> +      gint i;
> +
> +      for (i = 2; re[i] && re[i] != ')'; i++)
> +        {
> +          switch (re[i])
> +            {
> +            case 'i':
> +              flags |= REG_ICASE;
> +              break;
> +            }
> +        }
> +      if (re[i])
> +        {
> +          re_comp = &re[i + 1];
> +        }
> +      else
> +        {
> +          msg_error("Invalid regexp flags",
> +                    evt_tag_str("re", re),
> +                    NULL);
> +          return FALSE;
> +        }
> +    }
> +
> +  rc = regcomp(regex, re_comp, flags);
>    if (rc)
>      {
>        gchar buf[256];
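
Review bot: the switch inside the flag loop of filter_re_compile() has no default case, so every character between '(?' and the first ')' other than 'i' is silently discarded, and the whole prefix up to that ')' is then cut from the pattern by re_comp = &re[i + 1]. A pattern written as '(?:foo|bar)baz' would be compiled as just 'baz' with no error, so the filter matches something other than what the configuration says, and on a log pipeline that means messages routed or dropped by the wrong rule without any diagnostic. Suggest adding a default: branch that reports the unknown flag through msg_error() and returns FALSE, the same way the unterminated case already does.
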
> diff --git a/tests/unit/test_filters.c b/tests/unit/test_filters.c
> index 58236d7..187b572 100644
> --- a/tests/unit/test_filters.c
> +++ b/tests/unit/test_filters.c
> @@ -137,11 +137,16 @@ main(int argc G_GNUC_UNUSED, char *argv[]
> G_GNUC_UNUSED)
>
>    testcase("<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support
> initialized", 0, filter_host_new("^host$"), 1);
>    testcase("<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support
> initialized", 0, filter_host_new("^hos$"), 0);
> +  testcase("<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support
> initialized", 0, filter_host_new("pthread"), 0);
>    fprintf(stderr, "One \"invalid regular expressions\" message is to be
> expected\n");
>    TEST_ASSERT(filter_host_new("((") == NULL);
>
> +  fprintf(stderr, "One \"invalid regular expressions\" message is to be
> expected\n");
> +  TEST_ASSERT(filter_host_new("(?iana") == NULL);
> +
>    testcase("<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support
> initialized", 0, filter_match_new(" PTHREAD "), 1);
>    testcase("<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support
> initialized", 0, filter_match_new("^PTHREAD$"), 0);
> +  testcase("<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support
> initialized", 0, filter_match_new("(?i)pthread"), 1);
>    fprintf(stderr, "One \"invalid regular expression\" message is to be
> expected\n");
>    TEST_ASSERT(filter_match_new("((") == NULL);
>
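
Review bot: the fprintf hint added above TEST_ASSERT(filter_host_new("(?iana") == NULL) announces an "invalid regular expressions" message, but the src/filter.c hunk of this patch rejects an unterminated flag group with msg_error("Invalid regexp flags", ...) before regcomp() is reached, so what appears on stderr will not match the hint. Suggest wording the hint after the message that is actually emitted. The new cases also exercise '(?i)' only through filter_match_new() and the unterminated form only through filter_host_new(); a case with a closed group holding an unrecognised letter, and a '(?i)' case for filter_host_new(), would pin down the behaviour the description claims for all regexp filters.
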
>
>
> --
> Bazsi
>


-- 
stucky