[syslog-ng] program filter regex
Balazs Scheidler
bazsi at balabit.hu
Wed Sep 21 11:28:46 CEST 2011
On Fri, 2011-09-02 at 14:44 -0500, Matt Zagrabelny wrote:
> Hi,
>
> I've looked through the OSE reference PDF and have a question about
> the program filter regex.
>
> I've done some experimentation and I would have thought the following to work:
>
> I'm trying to match puppet programs in syslog-ng (version 3.1)
>
> log entry:
> Sep 2 14:36:25 hornet puppet-agent[15008]: Finished catalog run in 0.75 seconds
>
> This filter works:
> filter f_puppet { program("puppet.*"); };
>
> But this does not:
> filter f_puppet { program("puppet"); };
>
> For things like grep, perl, and ruby the latter regex ("puppet") would
> have matched the program string "puppet-agent". Syslog-ng does not
> seem to behave the same way. Is there a way to get the grep/perl
> behavior? If not, it seems like it doesn't follow the conventions of
> other free software. Would anyone consider it a wishlist bug?
this should work. syslog-ng uses the regexp library built into the
system libc to perform matching. I've just tried and it indeed works for
me.
Sorry for the late answer.
--
Bazsi
More information about the syslog-ng
mailing list