[syslog-ng] MySQL syslog-ng regex
Bruno Vieira
giuliapo at gmail.com
Thu Mar 1 18:13:21 CET 2007
Just a thought. I read that it is much more efficient to use and maybe it
can make do your job easier.
* *
filter f_xntp_filter_no_regexp {
# original line: "xntpd[1567]: time error -1159.777379 is way too
large (set clock manually);
program("xntpd") and
match("time error .* is way too large .* set clock manually");
};
**
* Use this instead: *
filter f_xntp_filter_no_regexp {
# original line: "xntpd[1567]: time error -1159.777379 is way too
large (set clock manually);
program("xntpd") and
match("time error") and match("is way too large") and match("set
clock manually");
};
* *
You can see this information in
http://www.campin.net/syslog-ng/faq.html#perf
* *
Regards,
Bruno.
On 3/1/07, Balazs Scheidler <bazsi at balabit.hu> wrote:
>
> On Thu, 2007-03-01 at 10:24 +0000, Hari Sekhon wrote:
> > one more thought, did you try ${10} or something?
> >
> > This works in shell so it's worth a try.
>
> currently syslog-ng supports max $9. It's not too difficult to add more,
> I'll look into it.
>
> --
> Bazsi
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070301/882f9312/attachment.htm
More information about the syslog-ng
mailing list