[syslog-ng] ESTRING terminated by a colon?
Glen Johnson
gfjohnson at alaska.edu
Tue Apr 13 07:42:46 CEST 2010
Hello,
Hopefully this is a new question. I've been trying to write patterns
for error messages sent by Cisco IOS devices. For example:
20: *Feb 28 15:00:08.556 AKST: %LINEPROTO-5-UPDOWN: Line protocol on
Interface BVI1, changed state to up
A pattern that works:
@NUMBER:seqno@: @ESTRING:CISCO.DATE: %@LINEPROTO-5-UPDOWN: Line
protocol on Interface @ESTRING:arg1:,@ changed state to
@ANYSTRING:arg2@
But to avoid capturing the colon an space, the end-match needs to be
": " (i.e. colon space), like so:
@ESTRING:CISCO.DATE:: @
However, I'm unsure how to quote the colon, when it's already the
ESTRING param delimiter?
Thanks
More information about the syslog-ng
mailing list