[syslog-ng] Problems using match() filter
Mike
mike at jeke.fdns.net
Fri Feb 9 14:56:43 CET 2007
>
> I'm having problem using the match() filter in my syslog-ng.conf file.
>
> I have a log file below which i'm trying to seperate the events to different
> log files based on the filed variables "[commonservices]" and "[fx]".
>
>
<snip>
> my syslog-ng.conf looks like this
>
> filter f_common { match("[commonservices]"); };
> filter f_fx { match("[fx]"); };
> filter f_core { match("[core]"); };
>
it sounds like you just landed in the wonderful world of regular
expressions. When you use "[abcd]" in a regular expression, it means match
either a or b or c or d.
so in your config above match("[commonservices]") will match any line that
has a c or o or m or n or s or e or r or v or i.
in order for match("") to actually match a "[" character, you need to
"escape" it. Escaping lets you tell the regular expression engine to treat
the "[" just as a "[", not a special character.
as I remember, you actually need to double escape in a syslog-ng.conf file..something like this:
filter f_common { match("\\[commonservices\\]"); };
Mike
More information about the syslog-ng
mailing list