[syslog-ng] regexp and template syntax suggestion

Balazs Scheidler bazsi at balabit.hu
Fri Mar 2 14:27:55 CET 2007


On Thu, 2007-03-01 at 10:07 -0800, Evan Rempel wrote:

> Suggestion:
> 
> Allow syntax that specifies user-definable macro names for expansion.
> 
> host("^([^\.]+)\." fullmatch shorthost)
> match("bad login from ([^ ]+) " fullmatch ip)
> 
> and the filter becomes
> filter fail_login { host("^([^\.]+)\." shorthost) and match("bad login from ([^ ]+) " ip); };
> 
> and then a template can be written as
> 
> template my_template { template("$ISODATE $HOST $shorthost is being attacked from $ip\n"); template_escape(no); };
> 
> The "fullmatch" is in keeping with the regexp matching syntax of many languages.
> 
> An additional concern is that users might attempt to use new macro names that conflict with existing ones, but that
> should be easy to handle.

I like this idea.

-- 
Bazsi
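
The proposal quoted above, modelled as an added example (not code from this thread or from syslog-ng): each filter term binds its first capture group to a user-chosen macro name, the template expands those names, and a name that shadows a built-in macro is rejected. The function names, the built-in list and the sample message are assumptions made for illustration.

```python
import re

# Constructed subset of built-in macro names that a capture name must not shadow.
BUILTIN_MACROS = {"ISODATE", "DATE", "HOST", "FULLHOST", "MSG", "PROGRAM"}

class MacroConflict(ValueError):
    """A user-chosen capture name collides with a built-in macro."""

def bind(pattern, value, name, macros):
    """Match `pattern` against `value`; on success store group 1 as macro `name`.

    Returns True/False so calls can be chained with `and`, like filter terms.
    """
    if name in BUILTIN_MACROS:
        raise MacroConflict(f"'{name}' is a built-in macro name")
    m = re.search(pattern, value)
    if m is None:
        return False
    macros[name] = m.group(1)
    return True

def fail_login(msg):
    """Model of the fail_login filter: both terms must match.

    Returns the macro table for template expansion, or None if filtered out.
    """
    macros = {"ISODATE": msg["ISODATE"], "HOST": msg["HOST"]}
    matched = (bind(r"^([^.]+)\.", msg["HOST"], "shorthost", macros)
               and bind(r"bad login from ([^ ]+) ", msg["MSG"], "ip", macros))
    return macros if matched else None

def expand(template, macros):
    """Replace each $NAME with its value; unknown names expand to ''."""
    return re.sub(r"\$([A-Za-z_]\w*)", lambda m: macros.get(m.group(1), ""), template)

TEMPLATE = "$ISODATE $HOST $shorthost is being attacked from $ip\n"

# Constructed sample message, not taken from a real log.
SAMPLE = {
    "ISODATE": "2007-03-01T10:07:00-08:00",
    "HOST": "web01.example.com",
    "MSG": "sshd: bad login from 192.0.2.7 port 22",
}

if __name__ == "__main__":
    table = fail_login(SAMPLE)
    if table is not None:
        print(expand(TEMPLATE, table), end="")
```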


