[rsyslog-notify] Forum Thread: Word boundary with RainerScript - (Mode 'post')
noreply at adiscon.com
Tue Feb 2 14:10:31 CET 2016
User: Jzeolla
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26316#p26316
Message:
----------
I'm trying to monitor the message portion of incoming syslog for certain
strings, but the syslog messages that we get vary greatly in format. For
instance, we may want to take action if $msg contains_i "string" and some
messages may look like
"www.example.com/test?arg1=1&arg2=2&arg3=string&arg4=4",
"|arg1|arg2|string|arg4", "this is an example message which contains the
string and other text", or a variety of other formats. The problem is, if
I simply use contains_i "string" like I showed before, then I get a very
large amount of false positives for things like "unstring", "astringent",
"bowstrings", or "therearenotthestringsyouarelookingfor".

I was wondering if RainerScript has anything like grep's -w, where the
matching substring must either be at the beginning of the line, or preceded
by a non-word constituent character.

Thanks,
Jon
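
The `grep -w` rule described in the post, as an added example that is not part of the original message: a Python sketch comparing a plain case-insensitive substring test with a word-bounded regex over the strings quoted above. The function names and the sample list are constructed for illustration; this is not RainerScript.

```python
import re

# Constructed sample list, built from the strings quoted in the post.
SAMPLES = [
    "www.example.com/test?arg1=1&arg2=2&arg3=string&arg4=4",
    "|arg1|arg2|string|arg4",
    "this is an example message which contains the string and other text",
    "unstring",
    "astringent",
    "bowstrings",
    "therearenotthestringsyouarelookingfor",
]

WORD_CHARS = "A-Za-z0-9_"  # grep's "word constituent" characters


def contains_i(msg, needle):
    """Case-insensitive substring test, the behaviour the post describes."""
    return needle.lower() in msg.lower()


def word_pattern(needle):
    """Compile a grep -w style matcher: the needle must sit at the start of
    the line or after a non-word character, and at the end of the line or
    before a non-word character."""
    return re.compile(
        rf"(?<![{WORD_CHARS}]){re.escape(needle)}(?![{WORD_CHARS}])",
        re.IGNORECASE | re.ASCII,
    )


def classify(messages, needle):
    """Split substring hits into word-bounded hits and false positives."""
    pat = word_pattern(needle)
    hits, false_pos = [], []
    for msg in messages:
        if not contains_i(msg, needle):
            continue
        (hits if pat.search(msg) else false_pos).append(msg)
    return hits, false_pos


if __name__ == "__main__":
    hits, false_pos = classify(SAMPLES, "string")
    print("word-bounded hits:", *hits, sep="\n  ")
    print("substring-only false positives:", *false_pos, sep="\n  ")
```

Because `_` counts as a word character under this rule, a message containing `my_string` would not match.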