Thanks for your response Botond!
Essentially I am using the xm_csv module to break up an IIS-type log into fields and applying the regex against one of the fields, namely $auth, which is a string field.
From there I then process it via regex to get what I need from it.
I will explore an alternative method for the regex for now, I believe I can cook something up.
Thanks!
-Josh
-------- Original Message --------
Subject: Re: [nxlog-ce-users] Possible nxlog Regex Issue
From: Botond Botyanszki <[email protected]>
Date: Mon, August 26, 2013 8:23 am
To: [email protected]
Hi,
How is the value stored in the $auth field? Are you using a double quoted
string literal to load this value? If yes, that explains it.
The second one is a bug in the _expression_ parser. Seems to get confused
with too many backslash escape characters. Try rewriting the regexp until
a fix is available.
Regards,
Botond
On Wed, 21 Aug 2013 11:02:59 -0700
<[email protected]> wrote:
> I am using a regex to filter out a portion of a username as such in my nxlog.conf:
>
> if $auth =~ s/^(domain|DOMAIN|Domain)(\.lan|\.LAN)?([^\w])?//g; \
>
> I am noticing that on some usernames it actually strips off the first char of the username but seems to only affect the 'r' character:
>
> DOMAIN\robert.smith becomes obert.smith whereas DOMAIN\josh.smith becomes josh.smith, which is correct. I thought it had something to do with the backslash possibly causing it but when I change it to this:
>
> if $auth =~ s/^(domain|DOMAIN|Domain)(\.lan|\.LAN)?([(\\|\/)])?//g; \
>
> I get an error stating the following:
>
> 2013-08-21 12:49:02 ERROR Couldn't parse Exec block at /etc/nxlog.conf:102;couldn't parse statement at line 102, character 323 in /etc/nxlog.conf;failed to compile regular _expression_ '^(domain|DOMAIN|Domain)(\.lan|\.LAN)?([(\\|\', error at position 59: \ at end of pattern
>
> It seems that its not honoring the escaped forward slash at the end. Perhaps I am doing something wrong. Any help is great appreciated. nxlog is an amazing product, already using to filter several sets of ESXi logs and getting some awesome metrics on my outlook web access.
>
>
> Thanks,
> Josh
>
>
>
>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________ nxlog-ce-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
