[syslog-ng] Rewrite regex not working entirely

N. Max Pierson nmaxpierson at gmail.com
Tue Jan 15 22:01:27 UTC 2019

Hi List,

I am using version 3.5 and it seems as though regex (posix or pcre) doesn't
work completely. Take the example string below (which is the message part
of the syslog).

Jan 15 15:50:57 CST: %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message:
Received NTP control mode packet. Drop count:147972  - ntpd[15029]

I am trying to match the date at the beginning of the message and remove
it. When I use \w, \s, \d, etc., they do not match anything. If I match on
character classes it works fine (e.g. [a-z]+ or [0-9]+).

Here is my statement for the rewrite rule.

rewrite r_nexus{ subst("^[a-z]+ [0-9]+ [0-9]+:[0-9]+:[0-9]+ [a-z]+: ", "",
value("MESSAGE"), type("posix"), flags("ignore-case"),
condition(filter(f_nexus))); };

The above seems to get me what I want, but are the character matches not
supposed to work in syslog-ng version 3.5?
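
Added example, not part of the original post: a Python check of the character-class pattern and its \w/\s/\d equivalent against the sample message above. It assumes (the post does not confirm this) that the shorthand classes were written inside a double-quoted syslog-ng string, where backslash acts as an escape character; unescape_double_quoted is a simplified, hypothetical model of that, and Python's re stands in for the PCRE engine.

```python
import re

# Constructed from the sample message quoted in the post (joined onto one line).
SAMPLE = ("Jan 15 15:50:57 CST: %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: "
          "Received NTP control mode packet. Drop count:147972  - ntpd[15029]")

# Pattern from the post, and an equivalent written with shorthand classes.
CLASS_PATTERN = r"^[a-z]+ [0-9]+ [0-9]+:[0-9]+:[0-9]+ [a-z]+: "
SHORTHAND_PATTERN = r"^\w+\s\d+\s\d+:\d+:\d+\s\w+:\s"

_ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "a": "\a", "v": "\v"}

def unescape_double_quoted(text):
    """Simplified model (assumption) of a config parser that treats backslash
    as an escape inside double quotes: known escapes are translated, any
    other escaped character is kept without its backslash."""
    out, i = [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            out.append(_ESCAPES.get(nxt, nxt))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def strip_prefix(pattern, message):
    """Apply the rewrite: delete the first match, case-insensitively."""
    return re.sub(pattern, "", message, count=1, flags=re.IGNORECASE)

def report():
    # What the regex engine would receive if the pattern sat in double quotes.
    mangled = unescape_double_quoted(SHORTHAND_PATTERN)
    # Same pattern with every backslash doubled before unescaping.
    escaped = unescape_double_quoted(SHORTHAND_PATTERN.replace("\\", "\\\\"))
    return {
        "class": strip_prefix(CLASS_PATTERN, SAMPLE),
        "shorthand": strip_prefix(SHORTHAND_PATTERN, SAMPLE),
        "mangled_pattern": mangled,
        "mangled": strip_prefix(mangled, SAMPLE),
        "escaped_pattern": escaped,
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

If that assumption holds, writing the pattern in single quotes or doubling each backslash, together with type("pcre"), keeps \w, \s and \d intact; POSIX regular expressions do not define \d.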

