[syslog-ng] problem with matching IP address and \d regex operand

Phil.Newlon at wendysarbys.com Phil.Newlon at wendysarbys.com
Tue Nov 3 21:02:27 CET 2009


Bazsi -

Thank you for taking the time to look at my situation.

> Also, I can see that you tried to escape the dot, right after "10", but
> you only used a single escape, which escapes for syslog-ng, but doesn't
> embed a backslash for the regexp parser.

"10\.\d+\.\d*[0-4]\." (kiwi) -> "10\.\\d+\.\\d*[0-4]\." (syslog-ng)

I am escaping a literal "." in the IP address (I want to match on "10."
specifically.)


> This reminds me to an unrelated note, that if you use single quotes in
> syslog-ng, you don't need to escape the backslash, e.g.

> match("\\.") is equivalent to match('\.')

This is great to know!  Sure cleans up some of my filters.  Thanks!

> Another unrelated note is that syslog-ng supports PCRE regular
> expressions if you have that compiled in, PCRE supports \d, and you can
> use it like this:

> match('10\.\d+' type(pcre));

Unfortunately, this didn't work either, so PCRE must not be compiled in on
my system.  However, THIS works!,

'10\.[[:digit:]]+\.[[:digit:]]*[0-4]\.'

Thanks again!

Phil
<span style="font-size:78%;"><span style="font-family:arial;"><strong>Notice:</strong> This e-mail message and its attachments are the property of Wendy's/Arby's Group Inc. </span>
<span style="font-family:arial;">or one of its subsidiaries and may contain confidential or legally privileged information intended</span>
<span style="font-family:arial;">solely for the use of the addressee(s). If you are not an intended recipient, then any use, copying or</span>
<span style="font-family:arial;">distribution of this message or its attachments is strictly prohibited. If you received this message in</span>
<span style="font-family:arial;">error, please notify the sender and delete this message entirely from your system.</span></span>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20091103/ed8034c9/attachment.htm 


More information about the syslog-ng mailing list