You missed something: after 'NOTICE[23927]' there is '[C-0000013] chan_sip.c:'
which is not in your prematch.
In my "Guide to gooder grammer", I had a rule: "Proofread your writing to see
if you any words out".
On Dec 11, 2012, at 12:12 AM, Phil Daws wrote:
> Hello:
>
> am attempting to write a local decoder for Asterisk and cannot get the syntax
> correct. The log line appears as:
>
> [Dec 10 19:47:47] NOTICE[23927][C-00000013] chan_sip.c: Call from ''
> (NNN.NNN.NNN.NNN:9202) to extension 'NNNNNNNNNNNNN' rejected because
> extension not found in context 'XXXXXXXXXXX'.
>
> and I have tried the following decoder:
>
> <decoder name="local-asterisk-registration">
> <prematch>NOTICE[\d+] \S+: Call from \S+ \((\d+.\d+.\d+.\d+):\d+\)
> </prematch>
> <regex offset="after_prematch">to extension \S+ rejected because extension
> not found in context</regex>
> <order>srcip</order>
> </decoder>
>
> this never matches and am wondering whether it is due to the '(' around the
> source IP?
>
> Any help appreciated.
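
A decoder that accounts for the `[C-00000013]` token pointed out in the reply, as an added example (not written by either poster and not OSSEC's shipped Asterisk decoder). It assumes OSSEC os_regex syntax, where a bare `.` and `[` are literals and `\(` `\)` are literal parentheses, and it moves the IP capture out of `<prematch>` into `<regex>` on the assumption that `<order>` fields are filled only from groups in `<regex>`.

```xml
<!-- Added example. Sample line it targets (taken from the post, placeholders kept):
     [Dec 10 19:47:47] NOTICE[23927][C-00000013] chan_sip.c: Call from ''
     (NNN.NNN.NNN.NNN:9202) to extension 'NNNNNNNNNNNNN' rejected because
     extension not found in context 'XXXXXXXXXXX'.
     (one physical line in the Asterisk log; wrapped here for readability) -->
<decoder name="local-asterisk-registration">
  <!-- prematch only identifies the event type; it now includes the
       per-call token "[C-xxxxxxxx]" that follows "NOTICE[pid]". -->
  <prematch>NOTICE[\d+][C-\w+] chan_sip.c: Call from </prematch>

  <!-- regex starts right after the prematch text.
       \S+       the quoted caller id ('' in the sample)
       \( ... \) literal parentheses around ip:port
       ( ... )   the one capture group, mapped to srcip by <order> -->
  <regex offset="after_prematch">^\S+ \((\d+.\d+.\d+.\d+):\d+\) to extension \S+ rejected because extension not found in context</regex>
  <order>srcip</order>
</decoder>
```

Pasting the sample log line into `ossec-logtest` shows whether the decoder name and `srcip` appear in the decoding phase before any rule is written against it.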