[syslog-ng] issues with rewrite and subst
Russell Fulton
r.fulton at auckland.ac.nz
Sun Apr 12 21:03:43 UTC 2020
version 3.26.1
I am attempting to use rewrite to copy part of one macro into a new one:
rewrite r_user1 { set( "${user}", value("user_name"));};
rewrite r_user2 { subst( "^.+\((.+)\)", "${1}", value("user_name")) ;};
The first simply copies user into user_name.
The second is intended to extract anything in parentheses and throw away the rest.
here is a cleaned up dump of json output including the macros from the regexp:
{"user_name":")","user”:”yyyyn at gmail.com(xxx549)","2":")","1":")","0”:”yyyy at gmail.com(xxx549)”}
I believe ‘1’ should contain ‘xxx549’ not ‘)’.
I have tested the regexpn in ruby’s irb and it works fine there.
here is another example this one where the regexp should not have matched at all:
{"user_name":"9","user":"ping999","2":"9","1":"9","0":"ping999”}
macros 1 and 2 always seem to contain the last character of the original string.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200412/86a42400/attachment.html>
More information about the syslog-ng
mailing list