[syslog-ng] Struggling with regexp, store-matches and csv-parser macros
Remy Zandwijk
remy at luckyhands.nl
Fri Aug 5 14:08:02 CEST 2011
Hi list,

So, I am new to syslog-ng and I am struggling with the features
regexp/store-matches and csv-parser macros. I searched the web and mailing list
archive for these two subjects, but that didn't answer my questions. The
syslog-ng 3.1.3 I'm using is running on Debian Squeeze.

filter f_mytest {
    facility(local0) and
    level(debug) and
    match("^www" value("MSGHDR") flags("store-matches"));
};

template t_mytest {
    template("${MSG}--${1}\n");
}

destination d_mytest {
    file("/var/tmp/mytest.log");
};

log {
    source(s_src);
    filter(f_mytest);
    template(t_mytest);
    destination(f_mytest);
};

When I send a message to syslog-ng with: logger -p local0.debug -t www testmessage
nothing appears in the log file. However, when flags("store-matches") is
omitted, the message appears as expected. Why does this filter not work?

I am playing around with the csv-parser function as well. The (user-defined)
macros can be used in file() functions, but I found out that they don't work
in owner() and group() functions. Is that expected?

Thanks,
Remy