[syslog-ng] Another patterndb limitation
Evan Rempel
erempel at uvic.ca
Wed Nov 30 21:51:23 CET 2011
I am attempting to parse information from a message that is proving difficult.
The data is of the form;
this data:should be:parsed:on colons
but the only tool I have to use is ESTRING since the text between
the : characters may contain spaces.
The problem is that ESTRING will return the text AND the : following it.
I got to thinking some more (and that is dangerous for everyone) and
realized that I can not parse
the key words are (one two three) to look at
and get a variable that matches (one two three) because QSTRING
does not include the braces.
I would like to see something like
ESTRING - return all the text up to and include the terminator character
eSTRING - return all the text up to but NOT including the terminator character
But now I have a problem. For consistency I would like to see
QSTRING - return all of the quoted text including the quote characters
qSTRING - return all of the quoted text excluding the quote characters.
These would be consistent with ESTRING and eSTRING but would be inconsistent
with the current use of QSTRING.
There was a recent patch submitted for SET, that I would change to
MSET - return all of the text (M)atching any character in the set
mSET - return all of the text not (m)atching any character in the set
So I am asking for suggestions on how to get my new
eSTRING and my changed QSTRING functionality?
comments? suggestions?
Evan
More information about the syslog-ng
mailing list