[syslog-ng] Feature Request - patterndb match set

Martin Holste mcholste at gmail.com
Sun Nov 27 17:49:40 CET 2011


I agree.  Since ANYSTRING does not work in the middle of a pattern,
authors are left without an option for variable-length matches when
you can't use (E|Q)STRING, such as an unknown number of repeating
spaces.  I think SET would be fairly efficient since it would behave a
lot like a slightly modified version of ESTRING.

On Sat, Nov 26, 2011 at 11:10 PM, Evan Rempel <erempel at uvic.ca> wrote:
> I have come across some odd lines that really can't be matched/parsed by the patterndb
>
> 2011-11-25T10:49:21-08:00 mmfs at hermes0022.westgrid.uvic.ca/localhost/hermes0022/xcat2.westgrid.uvic.ca local2.info mmfs: Module                  Size  Used by
> 2011-11-25T10:49:21-08:00 mmfs at hermes0022.westgrid.uvic.ca/localhost/hermes0022/xcat2.westgrid.uvic.ca local2.info mmfs: mmfs26               1945576  0
> 2011-11-25T10:49:21-08:00 mmfs at hermes0022.westgrid.uvic.ca/localhost/hermes0022/xcat2.westgrid.uvic.ca local2.info mmfs: mmfslinux             326280  1 mmfs26
> 2011-11-25T10:49:21-08:00 mmfs at hermes0022.westgrid.uvic.ca/localhost/hermes0022/xcat2.westgrid.uvic.ca local2.info mmfs: tracedev               67148  2 mmf
>
>
> I would like to match these and parse out the number. The catch is that the number is right justified which means that
> there is a variable number of spaces before the number.
>
> I am open to suggestions about how to make a patterndb pattern to match this and parse the number into a tag/value pair.
>
> Failing that I would propose a @SET@ parser.
>
> @SET:name:character set@
>
> This will match a sequence of characters that contain any of, and only those characters listed by "character set"
>
> This will allow matches of arbitrary length separators such as spaces or hyphens or other cases that can not yet be
> handled.
>
> Comments?
>
> Evan

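The @SET@ behaviour proposed in the quoted message, as an added example that is not part of either post and is not syslog-ng code: a toy Python matcher for a few patterndb-style parsers, run over the message text from the quoted log lines. It assumes SET needs at least one character, simplifies NUMBER to decimal digits, and uses the names `match`, `WITHOUT_SET` and `WITH_SET` for illustration only.

```python
import re

# Toy subset of patterndb-style parsers (illustration only; "@@" escaping not handled).
TOKEN = re.compile(r"@([A-Z]+):([^:@]*)(?::([^@]*))?@")

def match(pattern, text):
    """Return the captured name/value pairs, or None when text does not match."""
    values, pos, last = {}, 0, 0
    for tok in TOKEN.finditer(pattern):
        literal = pattern[last:tok.start()]
        if not text.startswith(literal, pos):
            return None
        pos += len(literal)
        kind, name, arg = tok.group(1), tok.group(2), tok.group(3) or ""
        if kind == "ESTRING":        # text up to the delimiter, delimiter consumed
            end = text.find(arg, pos)
            if end < 0:
                return None
            value, nxt = text[pos:end], end + len(arg)
        elif kind == "NUMBER":       # simplified: decimal digits only
            m = re.match(r"\d+", text[pos:])
            if m is None:
                return None
            value, nxt = m.group(), pos + m.end()
        elif kind == "SET":          # proposed: one or more chars, all from arg
            end = pos
            while end < len(text) and text[end] in arg:
                end += 1
            if end == pos:
                return None
            value, nxt = text[pos:end], end
        elif kind == "ANYSTRING":    # rest of the message, end of pattern only
            value, nxt = text[pos:], len(text)
        else:
            raise ValueError("unsupported parser: " + kind)
        if name:
            values[name] = value
        pos, last = nxt, tok.end()
    return values if text[pos:] == pattern[last:] else None

# Message parts copied from the quoted log lines (text after "mmfs: ").
LINES = ["Module                  Size  Used by",
         "mmfs26               1945576  0",
         "mmfslinux             326280  1 mmfs26"]
WITHOUT_SET = "@ESTRING:module: @@NUMBER:size@"
WITH_SET = "@ESTRING:module: @@SET:: @@NUMBER:size@@SET:: @@NUMBER:used@@ANYSTRING:by@"
if __name__ == "__main__":
    for line in LINES:
        print(repr(line), match(WITHOUT_SET, line), match(WITH_SET, line))
```

ESTRING consumes only the first space, so the pattern without SET fails on every line; with SET absorbing the remaining padding, the two data lines parse and the header line is rejected at NUMBER.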
