[syslog-ng] Regexp values in comparison

Roland Kamke roland.kamke at auconet.com
Tue Mar 29 10:27:23 CEST 2011


A newbie question: Is it possible to use values matching a regular
expression in a comparison?

Imagine I receive messages like this: "Disk usage is 60%", "Disk usage is
80%", etc. All match the regular expression "Disk usage is [0-9]+%". I
do not want to log all these messages, but only those where disk usage
is at least 75 per cent.
Can this be achieved by proper configuration?
Where to look in the documentation?



Currently I am stuck with this approach:

    parser p_disk {
        csv-parser(columns("fix.disk","fix.usage", "fix.is", "diskusage")
            delimiters(" %")
        );
    };
    filter f_disk_syntax {
        message("Disk usage is [0-9]+%");
    };
    filter f_disk_usage { "$diskusage" > "75" };
    log l_mylog {
        source(...);
        filter(f_disk_syntax);
        parser(p_disk);
        filter(f_disk_usage);
        destination(...);
    };

Is this a useful approach? Can it be accomplished with fewer
definitions?
The definition of f_disk_usage results in a syntax error. What would be
the right syntax?

    filter f_disk_usage { "$diskusage" > "75" };
    filter f_disk_usage { "$diskusage" ge "75" };
    filter f_disk_usage { value("diskusage") > "75" };
    filter f_disk_usage { "$diskusage" > 75};
    filter f_disk_usage { "${diskusage}" > "75" };
    filter f_disk_usage { ${diskusage} > "75" };

Will I need to set up a pattern database to get rid of all unwanted
messages?

Thank you
Roland
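
An added example, not part of the original post and not taken from the syslog-ng project: one way to write the log path described above, assuming syslog-ng OSE 3.2 or later, where filters can compare macro values numerically. The source and destination definitions (s_local, d_disk and the file path) are placeholders chosen for illustration.

```conf
@version: 3.2

# Placeholder source for this example: local messages.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# Cheap syntax check first, so the parser only sees matching messages.
filter f_disk_syntax {
    message("Disk usage is [0-9]+%");
};

# Split "Disk usage is 80%" on space and percent sign; the fourth
# column holds the number and becomes the ${diskusage} name-value pair.
parser p_disk {
    csv-parser(
        columns("fix.disk", "fix.usage", "fix.is", "diskusage")
        delimiters(" %")
    );
};

# Numeric operators (==, !=, <, <=, >, >=) compare as numbers; the
# string operators (eq, ne, lt, le, gt, ge) compare alphabetically,
# so "9" would sort after "75". Both sides are quoted and the macro
# needs its leading $. ">=" implements "at least 75 per cent".
filter f_disk_usage {
    "${diskusage}" >= "75";
};

# Placeholder destination for this example.
destination d_disk {
    file("/var/log/disk_usage.log");
};

log {
    source(s_local);
    filter(f_disk_syntax);
    parser(p_disk);
    filter(f_disk_usage);
    destination(d_disk);
};
```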
