Package: dsyslog Version: 0.6.0+b1 Severity: important Instead of replacing matched regexps, when you enabling the filter regexp, you get no logs written at all.
I have the following:
loadmodule "source_localsock.so";
loadmodule "source_mark.so";
loadmodule "source_klogfile.so";
loadmodule "source_udp.so";
loadmodule "filter_dropprog.so";
loadmodule "filter_droppriority.so";
loadmodule "filter_regexp.so";
loadmodule "output_file.so";
loadmodule "output_udp.so";
loadmodule "cond_literal.so";
loadmodule "cond_pattern.so";
source localsock { path "/dev/log"; };
source klogfile { path "/proc/kmsg"; };
source mark;
filter regexp {
message
"(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}";
replace "0.0.0.0";
};
output file { path "/var/log/auth.log"; condition literal { program sshd; }; };
If I use the above, I can see with strace the messages come in, but
aren't written to anything. If I comment out the regexp filter, then the
lines are logged (but without the regexp replacement of course).
micah
--
pgpg0rBYIhsiG.pgp
Description: PGP signature
