[syslog-ng] syslog-ng Digest, Vol 40, Issue 16

vadi vadi.ksdba at gmail.com
Tue Aug 26 22:32:48 CEST 2008 

Hi Joe,

Thanks for your replay.

I am not able to understand the regular expression statement with are there
in the internet.

For example:

\s(\S+)\s(\S+)\[\d+\]\:\s\[ID \d+ (\S+)\.(\S+)\]\s
\S+\s+\d+\s+(\d+)\:\d+\:\d+\s

I want to know what exactly text of this pattern?

Is there any tool will convert RegExp to text?. So that it will helps for me
to understand better.

Regards,
Vadiraj


On Mon, Aug 25, 2008 at 3:30 PM, <syslog-ng-request at lists.balabit.hu> wrote:

> Send syslog-ng mailing list submissions to
>        syslog-ng at lists.balabit.hu
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.balabit.hu/mailman/listinfo/syslog-ng
> or, via email, send a message with subject or body 'help' to
>        syslog-ng-request at lists.balabit.hu
>
> You can reach the person managing the list at
>        syslog-ng-owner at lists.balabit.hu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of syslog-ng digest..."
>
>
> Today's Topics:
>
>   1. Re:  tool to convert regular expression to text (Fegan, Joe)
>   2. Re:  syslog-ng 2 nics (Balazs Scheidler)
>   3. Re:  [patch] Add follow_freq_ms option (Balazs Scheidler)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 24 Aug 2008 23:34:59 +0000
> From: "Fegan, Joe" <Joe.Fegan at hp.com>
> Subject: Re: [syslog-ng] tool to convert regular expression to text
> To: Syslog-ng users' and developers' mailing list
>        <syslog-ng at lists.balabit.hu>
> Message-ID:
>        <
> 0E6222894DE49B40A3A9FD929C630BCB379EB5A2EF at GVW1121EXC.americas.hpqcorp.net
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Vadiraj,
>
> Your question doesn't really make sense. Can you please elaborate. That
> might help.
>
> Joe.
>
> ________________________________
> From: syslog-ng-bounces at lists.balabit.hu [mailto:
> syslog-ng-bounces at lists.balabit.hu] On Behalf Of vadi
> Sent: 22 August 2008 22:15
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] tool to convert regular expression to text
>
> Dear All,
>
> Do we have any tool to convert regular expression to text?. Please let me
> know about it.
>
> Thanking u,
>
> Regards,
> Vadiraj
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080824/87a53378/attachment-0001.htm
>
> ------------------------------
>
> Message: 2
> Date: Mon, 25 Aug 2008 09:03:33 +0200
> From: Balazs Scheidler <bazsi at balabit.hu>
> Subject: Re: [syslog-ng] syslog-ng 2 nics
> To: Syslog-ng users' and developers' mailing list
>        <syslog-ng at lists.balabit.hu>
> Message-ID: <1219647813.11424.0.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Fri, 2008-08-22 at 06:50 +0200, Hubert Kupper wrote:
> > -------- Original-Nachricht --------
> > > Datum: Thu, 21 Aug 2008 14:30:48 +0200
> > > Von: Balazs Scheidler <bazsi at balabit.hu>
> > > An: Syslog-ng users\' and developers\' mailing list <
> syslog-ng at lists.balabit.hu>
> > > Betreff: Re: [syslog-ng] syslog-ng 2 nics
> >
> > >
> > > Have you checked that:
> > >   * syslog-ng is bound to the new interface (either because of a
> 0.0.0.0
> > > bind, or because you have two udp() sources each bound to their
> > > respective interface)
> > >   * packet filter does not filter out these messages
> > >
> > > You can check the first by issuing "netstat -np  | grep 514" and check
> > > which interfaces syslog-ng has bound to.
> > >
> > > The second, well check that your packet filter is not in the way.
> > >
> > > --
> > > Bazsi
> > >
> > Hi,
> > I checked the first issue with "netstat -np | grep 514" and it returned
> nothing! A grep syslog-ng returned "DGRAM 10006 3413/syslog-ng /dev/log"
> > Syslog-ng is still logging entries for all host on the first nic and one
> host on the second nic!
>
> Hmm.. were you running netstat as root? It might not show everything if
> you run it as a non-root user.
>
> If there's no listening socket, I can't see how it would possibly log
> anything on either nics.
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 25 Aug 2008 09:07:53 +0200
> From: Balazs Scheidler <bazsi at balabit.hu>
> Subject: Re: [syslog-ng] [patch] Add follow_freq_ms option
> To: Syslog-ng users' and developers' mailing list
>        <syslog-ng at lists.balabit.hu>
> Message-ID: <1219648073.11424.5.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Thu, 2008-08-21 at 16:00 -0400, Joe Shaw wrote:
> > Hi,
> >
> > As I mentioned in the last thread, I've found myself wanting to have
> > better than one second resolution for the follow_freq() option.
> > Attached is a patch which adds a follow_freq_ms option, which takes
> > its value in milliseconds rather than full seconds.  follow_freq()
> > continues to work as it did previously.
>
> First of all, thanks for your contibution.
>
> I'm not sure  about the patch though, is millisecond polling really
> needed? It might increase the load on the host significantly to check
> files several times a second.
>
> The reason this patch was born was solved in an unrelated manner (e.g.
> increasing FIFO size).
>
> Any other opinions?
>
> If this turns out really useful, I'd not add a separate keyword, but
> would permit the use of floating point numbers, e.g. follow_freq(0.1)
> instead of follow_freq_ms(100)
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
>
> End of syslog-ng Digest, Vol 40, Issue 16
> *****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080827/48966cf7/attachment.htm

More information about the syslog-ng mailing list