[syslog-ng] Regex Irregularities
N. Max Pierson
nmaxpierson at gmail.com
Fri Feb 8 16:18:28 UTC 2019
Hi List,
I am having some weird issues with rewrite regex that I cannot explain. I
am simply trying to filter out the first part of the message which has the
date in this format.
Feb 8 09:13:32 CST: (there is one space at the end)
When I use the following syntax, it doesn't match as expected.
^\w+\s\d+\s\d+:\d+:\d+\s\w+:\s
I know this is the correct pattern because it works just fine on
www.regexpal.com. I did some further testing and I have narrowed it down to
the below ...
^\w+
8 09:55:54 CST: (this seemed to also remove the space behind the month)
^\w+\s
8 09:59:37 CST: (notice this is the exact same as the above without the
beginning space)
^\w+\s\d+
Feb 8 10:07:04 CST: (doesn't match anything as though the space between
Feb and 8 isn't there)
^\w+\d+
Feb 8 10:11:54 CST: (again doesn't match anything as though there is a
space between Feb and 8)
So it seems to be something either with \w word class or the + quantifier
and it somehow eats the space behind it possibly?? I am running 3.19.1 on
Centos 7.
Can anyone test this to confirm it isn't just local to my install for
whatever reason?
Regards,
Max
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190208/0f6eae71/attachment.html>
More information about the syslog-ng
mailing list