[rsyslog] Right regex format for property based filters
Rainer Gerhards
rgerhards at hq.adiscon.com
Wed Mar 4 18:38:44 CET 2009
Janis,
I have added ERE filter support to the devel branch and your use case
described below now works - you just need to use "ereregexp" instead of
"regexp". No release tarball yet, the patch is here:
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=5005bce38763051b5b12e48ac60c3ff17097a952
I did some quick checks, but would appreciate if some others try it out.
Rainer
On Wed, 2009-03-04 at 17:20 +0200, Janis wrote:
> Hello list.
>
> I have a question regarding to rsyslog configuration. What is the
> correct syntax of property based
> filter with regex.
>
> I'm using this configuration right now, and would like to create date
> based logfiles for each host - hostA, hostB, hostC.
> But it doesn't work this way.
>
> $template TplFile,"/var/log/hosts/%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%.log"
> :HOSTNAME, regex, "hostA|hostB|hostC" -?TplFile
>
> And when running rsyslog with -d, I got only false matches on this
> regex. I seems that it tries to match all the text
> inside quotes instead of regexp. As I have red in man page, and html
> docs, then regexp should be in POSIX RE format
> (tryed also everything enclosed in braces). For example, if I change
> regex like this:
>
> :HOSTNAME, regex, "host" -?TplFile
>
> Then it works and matches all the hosts (A,B,C), and creates the files
> for each (well it's the same as using contains).
> But that doesn't solve the problem, when there isn't equal start
> prefixes for all hosts.
> For example if I want to match hosts - dog,cat,cow.
>
> Best regards
> --janis
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
More information about the rsyslog
mailing list