[syslog-ng] regexp and template syntax suggestion
Balazs Scheidler
bazsi at balabit.hu
Fri Mar 2 14:27:55 CET 2007
On Thu, 2007-03-01 at 10:07 -0800, Evan Rempel wrote:
> Suggestion:
>
> allow syntax that specifies user-definable macro names for expansion.
>
> host("^([^\.]+)\." fullmatch shorthost)
> match("bad login from ([^ ]+) " fullmatch ip)
>
> and the filter becomes
> filter fail_login { host("^([^\.]+)\." shorthost) and match("bad login from ([^ ]+) " ip); };
>
> and then a template can be written as
>
> template my_template { template("$ISODATE $HOST $shorthost is being attacked from $ip\n"); template_escape(no); };
>
> The "fullmatch" is in keeping with the regexp matching syntax of many languages.
>
> An additional concern is that users might attempt to use new macro names that conflict with existing ones, but that
> should be easy to handle.
I like this idea.
--
Bazsi
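
Added example, not part of the original thread and not syslog-ng code: a Python sketch of the semantics the proposal describes, binding capture group 1 to a user-chosen macro name, rejecting names that clash with built-in macros, and expanding the template. The function names, the BUILTIN_MACROS subset and the sample record are assumptions constructed for illustration.

```python
import re

# Assumption: a small subset of built-in macro names, enough to show the check.
BUILTIN_MACROS = {"ISODATE", "HOST", "MSG", "PROGRAM", "FACILITY", "PRIORITY"}

class MacroConflict(ValueError):
    """Raised when a user-chosen macro name is already taken."""

def compile_filter(rules):
    """rules: (field, regex, macro_name) triples, e.g. host("re" shorthost).
    Names are validated once, at configuration time, before any message is seen."""
    seen, compiled = set(), []
    for field, regex, name in rules:
        if name in BUILTIN_MACROS or name in seen:
            raise MacroConflict(name)
        seen.add(name)
        compiled.append((field, re.compile(regex), name))
    return compiled

def apply_filter(compiled, record):
    """AND of all rules, like the fail_login filter. Returns the user macros
    bound from capture group 1, or None if any rule fails to match."""
    user = {}
    for field, rx, name in compiled:
        m = rx.search(record[field])
        if m is None:
            return None
        user[name] = m.group(1)
    return user

def expand(template, record, user):
    """Substitute $NAME; built-in fields take precedence over user macros."""
    values = {**user, **record}
    return re.sub(r"\$([A-Za-z_]\w*)", lambda m: values.get(m.group(1), ""), template)

# The two patterns and the template text are taken from the message above.
FAIL_LOGIN = compile_filter([
    ("HOST", r"^([^\.]+)\.", "shorthost"),
    ("MSG", r"bad login from ([^ ]+) ", "ip"),
])
TEMPLATE = "$ISODATE $HOST $shorthost is being attacked from $ip\n"

# Constructed sample record (documentation address range).
SAMPLE = {"ISODATE": "2007-03-02T14:27:55+01:00", "HOST": "mail.example.com",
          "MSG": "sshd: bad login from 192.0.2.10 port 22"}

def demo():
    return expand(TEMPLATE, SAMPLE, apply_filter(FAIL_LOGIN, SAMPLE))

if __name__ == "__main__":
    print(demo(), end="")
```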