[rsyslog] Right regex format for property based filters
Rainer Gerhards
rgerhards at hq.adiscon.com
Wed Mar 4 16:35:59 CET 2009
Hi Janis,
the regex is Posix BRE, nor ERE. I think the syntax you use is not
supported in BRE (as a side-note, this reminds me that I wanted to check
what it takes to upgrade them to use ERE, too).
Rainer
> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of Janis
> Sent: Wednesday, March 04, 2009 4:20 PM
> To: rsyslog at lists.adiscon.com
> Subject: [rsyslog] Right regex format for property based filters
>
> Hello list.
>
> I have a question regarding to rsyslog configuration. What is the
> correct syntax of property based
> filter with regex.
>
> I'm using this configuration right now, and would like to create date
> based logfiles for each host - hostA, hostB, hostC.
> But it doesn't work this way.
>
> $template TplFile,"/var/log/hosts/%HOSTNAME%-%$YEAR%-%$MONTH%-
> %$DAY%.log"
> :HOSTNAME, regex, "hostA|hostB|hostC" -?TplFile
>
> And when running rsyslog with -d, I got only false matches on this
> regex. I seems that it tries to match all the text
> inside quotes instead of regexp. As I have red in man page, and html
> docs, then regexp should be in POSIX RE format
> (tryed also everything enclosed in braces). For example, if I change
> regex like this:
>
> :HOSTNAME, regex, "host" -?TplFile
>
> Then it works and matches all the hosts (A,B,C), and creates the files
> for each (well it's the same as using contains).
> But that doesn't solve the problem, when there isn't equal start
> prefixes for all hosts.
> For example if I want to match hosts - dog,cat,cow.
>
> Best regards
> --janis
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
More information about the rsyslog
mailing list