[syslog-ng] Using Regex information for destination

Fegan, Joe Joe.Fegan at hp.com
Fri Jul 11 03:19:01 CEST 2008


Your regular expressions do look ok - I tested them interactively in tclsh and the "wireless" one does match hostr01.w01.primary while the "router" one does not. So this does seem like a syslog-ng oddity.

fegan> tclsh
% set hn {hostr01.w01.primary}
hostr01.w01.primary
%
% set router  {^[0-9a-zA-Z\-]+\.r[0-9]{2}\.([0-9a-zA-Z\-]+)$}
^[0-9a-zA-Z\-]+\.r[0-9]{2}\.([0-9a-zA-Z\-]+)$
%
% regexp $router $hn
0
%
% set wireless {^[0-9a-zA-Z\-]+\.w[0-9]{2}\.([0-9a-zA-Z\-]+)$}
^[0-9a-zA-Z\-]+\.w[0-9]{2}\.([0-9a-zA-Z\-]+)$
%
% regexp $wireless $hn
1
% exit
fegan>



________________________________
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of James Whitt
Sent: 10 July 2008 22:53
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Using Regex information for destination

I just noticed an issue with my filter using regex, so I'm hoping that someone can help me figure this out. I'm running version 2.0.9. I have internal hostnames that I use with a central log system. The issue is that if I use a host like:

hostr01.w01.primary

It should go to /logs/primary/wireless/hostr01.r01.primary/, but if the router filter is above the wireless filter, then it's actually going into /logs/primary/wireless/hostr01.r01.primary/. It appears to be ignoring or matching the . even though I have it with a \.. Any help with this would be greatly appreciated. If I didn't have the final(), it would log to both places.


Here is the snippet of the config that deals with this.


filter router_filter { host("^[0-9a-zA-Z\-]+\.r[0-9]{2}\.([0-9a-zA-Z\-]+)$"); };
destination router_logs {
        file("/logs/$1/router/$HOST/$YEAR-$MONTH-$DAY.log");
};
log { source(s_external);
      filter(router_filter);
      destination(router_logs);
      flags(final);
};


filter wireless_filter { host("^[0-9a-zA-Z\-]+\.w[0-9]{2}\.([0-9a-zA-Z\-]+)$"); };
destination wireless_logs {
        file("/logs/$1/wireless/$HOST/$YEAR-$MONTH-$DAY.log");
};
log { source(s_external);
      filter(wireless_filter);
      destination(wireless_logs);
      flags(final);
};
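
Added example, not part of either message: a Python re-run of the interactive check above that also tests the hypothesis raised in the question (that `\.` is read as a bare `.`) and applies the first-match-wins order that flags(final) gives. The helper names and the second and third host names are constructed, and Python's `re` standing in for syslog-ng's regex engine is an assumption.

```python
import re

# Patterns copied from the posted config, in the posted order (router first).
# flags(final) means the first log path whose filter matches takes the message.
RULES = [
    ("router",   r"^[0-9a-zA-Z\-]+\.r[0-9]{2}\.([0-9a-zA-Z\-]+)$"),
    ("wireless", r"^[0-9a-zA-Z\-]+\.w[0-9]{2}\.([0-9a-zA-Z\-]+)$"),
]

def loosen(pattern):
    """Hypothesis from the question: every backslash-dot is read as a bare dot."""
    return pattern.replace(r"\.", ".")

def route(host, rules):
    """Return the directory the first matching rule would write to, or None."""
    for kind, pattern in rules:
        m = re.search(pattern, host)
        if m:
            # $1 is the first capture group, $HOST the full host name.
            return "/logs/%s/%s/%s/" % (m.group(1), kind, host)
    return None

def compare(hosts):
    """Route each host with the patterns as written and with loosened dots."""
    loose = [(kind, loosen(p)) for kind, p in RULES]
    return {h: (route(h, RULES), route(h, loose)) for h in hosts}

# Constructed sample host names; only the first appears in the thread.
SAMPLE_HOSTS = ["hostr01.w01.primary", "edge01.r02.backup", "ap-7xr01yprimary"]

if __name__ == "__main__":
    for host, (strict, loosened) in compare(SAMPLE_HOSTS).items():
        print("%-22s strict=%s loose=%s" % (host, strict, loosened))
```

For the host name from the thread, both variants select the wireless path; the loosened dots only change the result for a name with no dots at all, such as the third sample.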
