[syslog-ng] ESTRING terminated by a colon?
Zoltán Pallagi
pzolee at balabit.hu
Wed Apr 14 11:28:09 CEST 2010
Hi,
You don't need to escape it, it will work as you want to use (": ").
The pattern that I am using:
<pattern>@NUMBER:seqno@: @ESTRING:CISCO.DATE:: @@ANYSTRING:arg2@</pattern>
pdbtool output:
root at thor:/opt/syslog-ng# bin/pdbtool match -p
/opt/syslog-ng/var/patterndb.xml -M "20: *Feb 28 15:00:08.556 AKST:
%LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up"
MESSAGE=20: *Feb 28 15:00:08.556 AKST: %LINEPROTO-5-UPDOWN: Line
protocol on Interface BVI1, changed state to up
.classifier.class=system
.classifier.rule_id=09944c71-95eb-4bc0-8575-936931d85713
seqno=20
CISCO.DATE=*Feb 28 15:00:08.556 AKST
arg2=%LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed
state to up
testvalue=OK
and it also works with syslog-ng.
Glen Johnson wrote:
>> you can escape the colon using another colon, like @ESTRING:CISCO.DATE::: @
>> Similarly, if you need to use @ in a parser, you can escape it like @@
>>
>
> Tested this using pdbtool match, using several permutations. I
> couldn't get a match.
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
--
pzolee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100414/1b348114/attachment.htm
More information about the syslog-ng
mailing list