[syslog-ng] Rewrite regex not working entirely

N. Max Pierson nmaxpierson at gmail.com
Tue Jan 15 22:11:49 UTC 2019


Hi Evan,

I have tried both pcre and posix and neither seems to work.

On Tue, Jan 15, 2019 at 4:08 PM Evan Rempel <erempel at uvic.ca> wrote:

> You have defined your regular expression as "posix" which does not have the
> \d \s etc.
> If you change the type to "pcre" then it should work for you.
>
>
> On 1/15/19 2:01 PM, N. Max Pierson wrote:
>
> Hi List,
>
> I am using version 3.5 and it seems as though regex (posix or pcre)
> doesn't work completely. Take the example string below (which is the
> message part of the syslog).
>
> Jan 15 15:50:57 CST: %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message:
> Received NTP control mode packet. Drop count:147972  - ntpd[15029]
>
> I am trying to match the date at the beginning of the message and remove
> it. When I use \w, \s, \d, etc., they do not match anything. If I match on
> character classes it works fine (e.g. [a-z]+ or [0-9]+).
>
> Here is my statement for the rewrite rule.
>
> rewrite r_nexus{ subst("^[a-z]+ [0-9]+ [0-9]+:[0-9]+:[0-9]+ [a-z]+: ", "",
> value("MESSAGE"), type("posix"), flags("ignore-case"),
> condition(filter(f_nexus))); };
>
> The above seems to get me what I want but are the character matches not
> supposed to work in syslog-ng version 3.5??
>
> Regards,
> Max
>
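An added example, not part of the original thread and not the syslog-ng project's own configuration: the date-stripping rule from the message above written with `\w`, `\s` and `\d` under `type("pcre")`. It assumes the quoting rule from the syslog-ng documentation (backslashes are interpreted inside double-quoted strings and passed through literally inside single-quoted ones); the thread does not show how the backslash pattern was quoted. `f_nexus_example`, its `host()` pattern and the `r_nexus_*` rule names are hypothetical stand-ins, since the thread does not define `f_nexus`.

```conf
# Added example (not from the thread). The filter is a hypothetical
# stand-in for f_nexus, which the thread does not define.
filter f_nexus_example { host("nexus"); };

# Form that loses its escapes: inside double quotes the configuration
# parser consumes the backslashes, so the regex engine never receives
# \w, \s or \d as written and the pattern matches nothing useful.
#
#   subst("^\w+\s+\d+\s+\d+:\d+:\d+\s+\w+:\s+", "", ...)

# Option 1: single quotes pass the pattern to PCRE unchanged.
rewrite r_nexus_single_quoted {
    subst('^\w+\s+\d+\s+\d+:\d+:\d+\s+\w+:\s+', "",
          value("MESSAGE"),
          type("pcre"),
          condition(filter(f_nexus_example)));
};

# Option 2: keep double quotes and double every backslash.
rewrite r_nexus_double_escaped {
    subst("^\\w+\\s+\\d+\\s+\\d+:\\d+:\\d+\\s+\\w+:\\s+", "",
          value("MESSAGE"),
          type("pcre"),
          condition(filter(f_nexus_example)));
};

# Either rule turns the sample message
#   Jan 15 15:50:57 CST: %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: ...
# into
#   %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: ...
```

Use only one of the two rules in a log path; `syslog-ng --syntax-only` checks that the file parses before a reload.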

