[rsyslog] Right regex format for property based filters

Rainer Gerhards rgerhards at hq.adiscon.com
Wed Mar 4 18:56:05 CET 2009 

All,

I introduced a memory leak with the ERE enhancement. It is fixed now. So
be sure to apply all patches after the one I mentioned.

For your convenience, I created a temporary tarball based on the fixed
version. It is available at

http://download.rsyslog.com/rsyslog/tmp.tar.gz

The tarball claims to contain 4.1.4, but you should not count on that it
is equal to the released version. I will *not* care any more about this
tarball. But I think it is useful to have a version right at hand. Also,
this doesn't require any autotools tricks ;)

Rainer


On Wed, 2009-03-04 at 18:38 +0100, Rainer Gerhards wrote:
> Janis,
> 
> I have added ERE filter support to the devel branch and your use case
> described below now works - you just need to use "ereregexp" instead of
> "regexp". No release tarball yet, the patch is here:
> 
> http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=5005bce38763051b5b12e48ac60c3ff17097a952
> 
> I did some quick checks, but would appreciate if some others try it out.
> 
> Rainer
> 
> On Wed, 2009-03-04 at 17:20 +0200, Janis wrote:
> > Hello list.
> > 
> > I have a question regarding to rsyslog configuration. What is the 
> > correct syntax of property based
> > filter with regex.
> > 
> > I'm using this configuration right now, and would like to create date 
> > based logfiles for each host - hostA, hostB, hostC.
> > But it doesn't work this way.
> > 
> > $template TplFile,"/var/log/hosts/%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%.log"
> > :HOSTNAME, regex, "hostA|hostB|hostC" -?TplFile
> > 
> > And when running rsyslog with -d, I got only false matches on this 
> > regex. I seems that it tries to match all the text
> > inside quotes instead of regexp. As I have red in man page, and html 
> > docs, then regexp should be in POSIX RE format
> > (tryed also everything enclosed in braces). For example, if I change 
> > regex like this:
> > 
> > :HOSTNAME, regex, "host" -?TplFile
> > 
> > Then it works and matches all the hosts (A,B,C), and creates the files 
> > for each (well it's the same as using contains).
> > But that doesn't solve the problem, when there isn't equal start 
> > prefixes for all hosts.
> > For example if I want to match hosts - dog,cat,cow.
> > 
> > Best regards
> > --janis
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com
> 
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com

More information about the rsyslog mailing list