[syslog-ng] Filter Not Working (too many or's?)
Evan Rempel
erempel at uvic.ca
Tue Jun 6 13:24:14 UTC 2017
I agree with what Attila wrote, but to answer your question the first
rexpression host("*.abca.*") is invalid.
you have a "*." where you needed a ".*"
Evan
On 06/06/2017 05:07 AM, Szalai, Attila wrote:
>
> Hi,
>
> First of all, the content of the host() is a regular expression, so
> adding .* to the beginning and/or to the end of the expression adds
> nothing, just pain/slowness.
>
> Second, it would help a lot if we can see the actual error message. I
> found no obvious mistake, but because this is not the original line,
> maybe something lost in the translation.
>
> *From:*syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] *On
> Behalf Of *wiskbroom at hotmail.com
> *Sent:* Tuesday, June 06, 2017 12:59 AM
> *To:* syslog-ng at lists.balabit.hu
> *Subject:* [syslog-ng] Filter Not Working (too many or's?)
>
> Here is an example of what I am trying to do, these hostnames are not
> real; the real ones have no common pattern.
>
> filter f_xyz { host("*.abca.*") or host(".*abcb.*") or
> host(".*abcc.*") or host(".*abcd.*") or host(".*abce.*") or
> host(".*abcf.*") or host(".*abcg.*") or host(".*abch.*"); };
>
> The filter above is for any host containing a hostname with what is
> contained within the .* and *.; i.e. hostabca01 will be matched by
> host("*.abca.*")
>
> When I have this filter in my config, syslog fails to restart.
>
> Eyes hurt, obvious mistake?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170606/2dcefb8c/attachment-0001.html>
More information about the syslog-ng
mailing list