[syslog-ng] syslog-ng Digest, Vol 40, Issue 16

Nix nix at esperi.org.uk
Wed Aug 27 06:44:36 CEST 2008


On 26 Aug 2008, vadi uttered the following:

> Hi Joe,
>
> Thanks for your reply.
>
> I am not able to understand the regular expression statements which are there
> on the internet.

They can be... arcane, yes.

> For example:
>
> \s(\S+)\s(\S+)\[\d+\]\:\s\[ID \d+ (\S+)\.(\S+)\]\s

Perl or PCRE regexps, by the look of it (does syslog-ng understand
those? I thought it only handled POSIX regexps, although now it's using
glib it could perfectly well use PCRE regexps too, via glib). That
should match something like (not checked)

 flob wumpus[41226]: [ID 2144 blob.splunge] 

(looks quite like a syslog line, doesn't it, although those square
brackets are a little weird). Of course it won't match it in syslog-ng
because the regexp flavour is wrong. (I think.)

> \S+\s+\d+\s+(\d+)\:\d+\:\d+\s

Flabble    123456789  21243:1044:6 

and an infinite set of other possible strings.

> I want to know what exactly is the text of this pattern?

Well, it matches *lots* of different strings (an infinite set, in fact),
so it's not meaningful to talk about converting regular expressions into
the text they match.

> Is there any tool that will convert RegExp to text? So that it will help me
> to understand better.

Something like, say, KDE's kregexpeditor can help you dissect regexps
and figure out how the bits fit together, but the closest you can get to
what you ask for is to try to match candidate strings against a regexp
and see what bits match, and to try to construct plausible matching
strings by reading the regexp.


I actually find GNU grep surprisingly useful here. With the -P option it
understands PCRE regexps as you show above: with -E it understands
extended POSIX regexps, and with --colour it colours in the matched
region, so you can try little bits of regexps against a candidate string
and see which part of the candidate matched. (This can be very useful
for understanding the greedy/non-greedy distinction.)


[snip entire digest: please don't quote whole digests, we've seen their
contents before]

-- 
`Not even vi uses vi key bindings for its command line.' --- PdS
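
The "try little bits of the regexp against a candidate string" approach described in the message above, as an added example that is not part of the original post. It uses Python's `re` module, which accepts the Perl-style `\s`, `\S` and `\d` used in the question; the split of the regexp into pieces, the function names and the candidate strings are assumptions made for illustration.

```python
import re

# Constructed candidate lines, modelled on the examples in the message above.
CANDIDATE = " flob wumpus[41226]: [ID 2144 blob.splunge] "
CANDIDATE2 = "Flabble    123456789  21243:1044:6 "

# The first regexp from the question, split by hand into its pieces.
PIECES = [
    r"\s", r"(\S+)", r"\s", r"(\S+)", r"\[\d+\]", r"\:", r"\s",
    r"\[ID \d+ ", r"(\S+)", r"\.", r"(\S+)", r"\]", r"\s",
]
PATTERN2 = r"\S+\s+\d+\s+(\d+)\:\d+\:\d+\s"


def dissect(pieces, text):
    """Match ever-longer prefixes of the regexp against text.

    Returns (pattern_so_far, matched_text_or_None) for each prefix, so you
    can watch the matched region change as pieces are added.
    """
    steps = []
    for i in range(1, len(pieces) + 1):
        pattern = "".join(pieces[:i])
        m = re.search(pattern, text)
        steps.append((pattern, m.group(0) if m else None))
    return steps


def captures(pattern, text):
    """Return the capture groups of the first match, or None if no match."""
    m = re.search(pattern, text)
    return m.groups() if m else None


def first_match(pattern, text):
    """Return the text of the first match, or None if no match."""
    m = re.search(pattern, text)
    return m.group(0) if m else None


if __name__ == "__main__":
    for pattern, matched in dissect(PIECES, CANDIDATE):
        print(f"{pattern:50} -> {matched!r}")
    print(captures("".join(PIECES), CANDIDATE))
    print(captures(PATTERN2, CANDIDATE2))
    # Greedy versus non-greedy on the same candidate string.
    print(first_match(r"\[.*\]", CANDIDATE))
    print(first_match(r"\[.*?\]", CANDIDATE))
```

The fourth and fifth steps show the greedy `(\S+)` first swallowing `wumpus[41226]:` and then giving characters back once `\[\d+\]` has to match after it.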

