[syslog-ng] Convert rewrite rules (regex) to patterndb

Clayton Dukes cdukes at logzilla.net
Fri Jan 27 14:41:50 UTC 2017


Thanks for the info guys, we'll try to work something out on our end.


From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Balazs Scheidler <bazsi77 at gmail.com>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Date: Thursday, January 26, 2017 at 2:48 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>, Fabien Wernli <wernli at in2p3.fr>
Subject: Re: [syslog-ng] Convert rewrite rules (regex) to patterndb

That one captures the entire match as one name value pair.

But I guess @NUMBER@ parser would be useful.

On Jan 26, 2017 08:24, "Fabien Wernli" <wernli at in2p3.fr<mailto:wernli at in2p3.fr>> wrote:
Hi Clayton,

On Wed, Jan 25, 2017 at 10:29:08PM +0000, Clayton Dukes wrote:
> Are there any tools/scripts anyone has written that will convert regex to patterndb types of matches?
> So, given some rewrite rule from the "old" way of doing it, convert that rule to a pdb file.

I'm afraid the two are too semantically different to automatize the process.
That being said, there is a `@PCRE@` pattern that might help, but as far as
I can remeber it won't capture groups.

Cheers

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170127/6f809ea0/attachment.html>


More information about the syslog-ng mailing list