[syslog-ng] Rewriting Cisco messages

Martin Holste mcholste at gmail.com
Tue Feb 7 18:32:48 CET 2012


Thanks for taking a look.  The regexes should all be quite fast since
they are anchored to the start of the buffer, but I didn't see if they
could be combined into a single regex.  I was mainly curious as to
whether there was another (faster) way other than the condition()
parameter for rewrite().

On Tue, Feb 7, 2012 at 10:27 AM, Gergely Nagy <algernon at balabit.hu> wrote:
> Martin Holste <mcholste at gmail.com> writes:
>
>> Well, you're certainly welcome to write a Cisco parser, but in my
>> situation, I can't filter by IP since I don't know what IPs will be
>> Cisco.
>
> I see. Then perhaps a parser + filter combo would do the trick for
> you. By the looks of it, all three types of messages are reasonably easy
> and fast to identify..
>
> I'll see what I can do. I'll also have a look at the regexps you posted,
> as speeding those up, if possible, would provide a more immediate
> improvement. :)
>
> --
> |8]