[syslog-ng] How to use regex in syslog-ng.conf

Péter, Kókai peter.kokai at oneidentity.com
Fri Mar 1 10:34:00 UTC 2019


Based on your example one possible solution could be:

match("cmd=username [a-z]+ privilege 15" value("MESSAGE"));

You could also check out the syslog-ng administrator guide, it covers a lot
of possibilities:


On Thu, Feb 28, 2019 at 3:50 PM Lin, Victor <victor.lin at rbc.com> wrote:

> Dear all,
> I am trying to use regex in syslog-ng.conf without success :(
> Below is from my filter
> match("cmd=username toto privilege 15", value("MESSAGE"));
> Could you please let me know how I could replace username toto with regex?
> I tried /w+, but it didn't pass through.
> Thank you very much for your instruction!
> VL
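Added example (not part of the original thread): a Python check of how the username patterns discussed in this exchange behave against constructed sample messages, showing which accounts each pattern would let the filter catch. Python's re module stands in for the regex engine used by syslog-ng; the sample lines, the `\w+` and `\S+` variants and the function names are assumptions made for illustration.

```python
import re

# Constructed sample messages (not from the thread). The
# "cmd=username <name> privilege 15" shape follows the filter in the question.
SAMPLES = [
    "task_id=12 cmd=username toto privilege 15 secret 5 <cr>",    # lowercase name
    "task_id=13 cmd=username Admin2 privilege 15 secret 5 <cr>",  # capital + digit
    "task_id=14 cmd=username svc-backup privilege 15 <cr>",       # hyphenated name
    "task_id=15 cmd=username guest privilege 1 <cr>",             # not level 15
    "task_id=16 cmd=show running-config <cr>",                    # unrelated command
]

# Candidate patterns for the username field.
CANDIDATES = {
    "literal": r"cmd=username toto privilege 15",       # original filter
    "/w+":     r"cmd=username /w+ privilege 15",        # attempt from the question
    "[a-z]+":  r"cmd=username [a-z]+ privilege 15",     # suggestion from the reply
    r"\w+":    r"cmd=username \w+ privilege 15",        # assumed variant
    r"\S+":    r"cmd=username \S+ privilege 15\b",      # assumed variant
}


def matched_users(pattern, messages=SAMPLES):
    """Return the usernames in messages that the pattern matches (unanchored)."""
    rx = re.compile(pattern)
    hits = []
    for msg in messages:
        if rx.search(msg):
            # Username is the token right after "cmd=username ".
            hits.append(msg.split("cmd=username ", 1)[1].split()[0])
    return hits


def coverage():
    """Map each candidate pattern name to the usernames it would flag."""
    return {name: matched_users(pat) for name, pat in CANDIDATES.items()}


if __name__ == "__main__":
    for name, users in coverage().items():
        print(f"{name:8} -> {users}")
```

When a backslash class such as `\S+` is used in syslog-ng.conf, a backslash inside a double-quoted string has to be doubled ("\\S+"), or the pattern placed in single quotes.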