[syslog-ng] pcre matches

Patrick H. syslogng at feystorm.net
Sat Mar 6 01:42:28 CET 2010


After messing around with this for several days, I found the problems.
1) You cannot use lowercase letters in the match name.
2) There are reserved words where, if you try to use one as the match
name, it dorks everything up (like MSGID). This one had me ripping out
my hair and pounding my head on the desk.

Sent: Thursday, March 04, 2010 3:23:59 PM
From: Patrick H. <syslogng at feystorm.net>
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] pcre matches
> How do you use pcre named pattern matches with store-matches?
> I've been trying to do things like
> message("IP: (?<ip>\S+)" flags(store-matches) type("pcre"))
> and then insert into a database with things like
> values("$ip") or values("$+{ip}")
> and nothing works.
> I can't seem to find any examples of usage through Google either.
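A small lint check for the two pitfalls reported in the message above, as an added example that is not part of the original post or of syslog-ng itself. The `RESERVED` set is a partial list of syslog-ng built-in macro names (the post names only MSGID; the rest are an assumption added here), and the sample configuration is constructed.

```python
import re

# Partial list of syslog-ng built-in macro names, not exhaustive.
# Only MSGID is named in the post; the others are an added assumption.
RESERVED = {"MSGID", "MSG", "MESSAGE", "MSGHDR", "PROGRAM", "PID", "HOST",
            "FULLHOST", "SOURCEIP", "FACILITY", "PRIORITY", "LEVEL", "TAG",
            "DATE", "ISODATE", "SDATA", "SEQNUM", "UNIXTIME"}

# PCRE named-group openers: (?<name>  (?P<name>  (?'name'
# Lookbehinds such as (?<= and (?<! do not match because a name
# must start with a letter or underscore.
GROUP_RE = re.compile(r"""\(\?(?:P?<|')([A-Za-z_][A-Za-z0-9_]*)[>']""")

def lint_match_names(config_text):
    """Return (line_no, group_name, problem) for each risky named group."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        for name in GROUP_RE.findall(line):
            if name.upper() in RESERVED:
                findings.append((line_no, name, "collides with built-in macro"))
            if name != name.upper():
                findings.append((line_no, name, "contains lowercase letters"))
    return findings

# Constructed sample configuration (hypothetical filter names).
SAMPLE = r'''filter f_ip   { message("IP: (?<ip>\S+)" flags(store-matches) type("pcre")); };
filter f_id   { message("id=(?<MSGID>\d+)" flags(store-matches) type("pcre")); };
filter f_good { message("IP: (?<SRCIP>\S+)" flags(store-matches) type("pcre")); };
filter f_look { message("(?<=user )\w+" type("pcre")); };
'''

if __name__ == "__main__":
    for line_no, name, problem in lint_match_names(SAMPLE):
        print(f"line {line_no}: group '{name}' {problem}")
```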

