[syslog-ng] ESTRING terminated by a colon?
Glen Johnson
gfjohnson at alaska.edu
Wed Apr 14 19:04:06 CEST 2010
Thank you for the responses. I believe Robert and Martin are
correct, this is at very least misbehavior. Zoltán, you're correct,
that pattern does work. But lets look at a different example. This
message --
Dropping TCP packet from outside:192.168.25.36/10001 to
inside:10.0.25.56/22383, reason: MSS exceeded, MSS 1380, data 1400
-- only matches the pattern --
Dropping TCP packet from @ESTRING:::@@IPv4@/@NUMBER@ to
@ESTRING:::@@IPv4@/@NUMBER@, reason: MSS exceeded, MSS @NUMBER@, data
@NUMBER@
-- when the one of the @ESTRING:::@@IPv4@ blocks are changed to
@STRING@:@IPv4 at . If not a bug, why?
On Wed, Apr 14, 2010 at 1:28 AM, Zoltán Pallagi <pzolee at balabit.hu> wrote:
> Hi,
>
> You don't need to escape it, it will work as you want to use (": ").
> The pattern that I am using:
> <pattern>@NUMBER:seqno@: @ESTRING:CISCO.DATE:: @@ANYSTRING:arg2@</pattern>
More information about the syslog-ng
mailing list