[syslog-ng] Regexp values in comparison

Roland Kamke roland.kamke at auconet.com
Tue Mar 29 12:15:14 CEST 2011


Thank you, Robert.

I guess since I only have syslog-ng OSE 3.0.10-1.rhel5 this regexp comparison stuff won't work anyway - that's a pity.
I have to use CentOS 5 - do you know some yum repository providing newer OSE versions than 3.0.10-1.rhel5, e.g. OSE 3.3 or 3.2?

Regards,
Roland

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Fekete Robert
Sent: Tuesday, 29 March 2011 11:57
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Regexp values in comparison

Hi,
yes, you can do such things in syslog-ng OSE 3.2 and 3.3, but not in earlier 
versions.

Check out 
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/filters-comparing.html 
for details.

Regards,
Robert

On 03/29/2011 10:27 AM, Roland Kamke wrote:

> A newbie question: Is it possible to use values matching a regular expression in
> a comparison?
>
> Imagine I receive messages like this: "Disk usage is 60%", "Disk usage is 80%",
> etc. All match the regular expression "Disk usage is [0-9]+%". I do not want to
> log all these messages, but only those where disk usage is at least 75 per cent.
> Can this be achieved by proper configuration?
> Where to look in the documentation?
>
> Currently I am stuck with this approach:
> parser p_disk {
> csv-parser(columns("fix.disk","fix.usage", "fix.is", "diskusage")
> delimiters(" %")
> );
> };
> filter f_disk_syntax {
> message("Disk usage is [0-9]+%");
> };
> filter f_disk_usage { "$diskusage" > "75" };
> log l_mylog {
> source(...);
> filter(f_disk_syntax);
> parser(p_disk);
> filter(f_disk_usage);
> destination(...);
> };
>
> Is this a useful approach? Can it be accomplished with fewer definitions?
> The definition of f_disk_usage results in a syntax error. What would be the
> right syntax?
> filter f_disk_usage { "$diskusage" > "75" };
> filter f_disk_usage { "$diskusage" ge "75" };
> filter f_disk_usage { value("diskusage") > "75" };
> filter f_disk_usage { "$diskusage" > 75};
> filter f_disk_usage { "${diskusage}" > "75" };
> filter f_disk_usage { ${diskusage} > "75" };
>
> Will I need to set up a pattern database to get rid of all unwanted messages?
>
> Thank you
> Roland
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
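
The comparison asked about in this thread, written for syslog-ng OSE 3.2 or later, as an added example that is not from either poster or from the syslog-ng project. The parser and the first filter are taken from the question; the source and destination names, the socket and the log file path are assumptions.

```conf
@version: 3.2

# Assumed local source and destination; substitute your own.
source s_local { unix-stream("/dev/log"); internal(); };
destination d_disk_high { file("/var/log/disk_usage_high.log"); };

# Only messages of the expected shape reach the parser.
filter f_disk_syntax { message("Disk usage is [0-9]+%"); };

# Split "Disk usage is 80%" on space and percent sign;
# the fourth column holds the number.
parser p_disk {
    csv-parser(
        columns("fix.disk", "fix.usage", "fix.is", "diskusage")
        delimiters(" %")
    );
};

# Macro comparison (3.2 and later). The symbol operators
# (==, !=, <, >, <=, >=) compare numerically; the word operators
# (eq, ne, lt, gt, le, ge) compare as strings, so "ge" is the
# wrong choice for a percentage threshold.
# Both sides are enclosed in double quotes.
filter f_disk_usage { "${diskusage}" >= "75"; };

log {
    source(s_local);
    filter(f_disk_syntax);
    parser(p_disk);
    filter(f_disk_usage);
    destination(d_disk_high);
};
```

The file can be checked without starting the daemon using `syslog-ng --syntax-only -f <file>`.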
